Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-12-09 CVE-2005-4138 Input Validation vulnerability in ThWboard
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php.
network
thwboard
4.3
2005-12-09 CVE-2005-4136 Cross-Site Scripting vulnerability in FAD Solutions DRZES HMS 3.2
Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.
network
fad-solutions
4.3
2005-12-09 CVE-2005-4134 Buffer Overflow vulnerability in Mozilla Firefox Large History File
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.
network
low complexity
k-meleon-project mozilla netscape
5.0
2005-12-08 CVE-2005-4095 Directory Traversal vulnerability in DoceboLMS 2.0.4
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
network
low complexity
docebolms
5.0
2005-12-08 CVE-2005-4091 Cross-Site Scripting vulnerability in 1-Script 1-Search 1.8
Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
network
1-script
4.3
2005-12-08 CVE-2005-4086 Remote and Local File Include vulnerability in SugarCRM Sugar Suite 3.5/4.0Beta
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
network
low complexity
sugarcrm
5.0
2005-12-08 CVE-2005-3665 Cross-Site Scripting vulnerability in phpMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
network
phpmyadmin
4.3
2005-12-08 CVE-2005-3661 Remote Credential Reset vulnerability in Dell TrueMobile 2300
Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset authentication credentials, then change configuration or firmware, via a direct request to apply.cgi with the Page parameter set to adv_password.asp.
network
low complexity
dell
5.0
2005-12-08 CVE-2005-4084 Remote Security vulnerability in phpBB eXtreme Styles
xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter.
network
low complexity
phpbb-styles
5.0
2005-12-08 CVE-2005-4083 Directory Traversal vulnerability in eXtreme Styles phpBB Module
Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a ..
network
low complexity
phpbb-styles
5.0