Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-07 | CVE-2005-4066 | Cryptographic Issues vulnerability in Christian Ghisler Total Commander 6.53 Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. | 4.9 |
| 2005-12-07 | CVE-2005-4063 | Cross-Site Scripting vulnerability in NetauctionHelp Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp. network netauctionhelp | 4.3 |
| 2005-12-07 | CVE-2005-4062 | Cross-Site Scripting vulnerability in XcClassified CPSearch.ASP Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. network xcent | 4.3 |
| 2005-12-07 | CVE-2005-4061 | Cross-Site Scripting vulnerability in XcPhotoAlbum PASearch.ASP Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. network xcent | 4.3 |
| 2005-12-07 | CVE-2005-4060 | Cross-Site Scripting vulnerability in Rainworx Rwauction PRO 4.0/5.0 Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. | 4.3 |
| 2005-12-07 | CVE-2005-4057 | Unspecified vulnerability in Jonathan Beckett Pluggedout Nexus 0.1 Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name parameters. network jonathan-beckett | 4.3 |
| 2005-12-07 | CVE-2005-4053 | Cross-Site Scripting vulnerability in Cowiki 0.3.4 Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html. network cowiki | 4.3 |
| 2005-12-07 | CVE-2005-4052 | Remote Security vulnerability in e107 e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. | 5.0 |
| 2005-12-07 | CVE-2005-4051 | Unspecified vulnerability in E107 0.6174 e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php. | 5.0 |
| 2005-12-07 | CVE-2005-4047 | Cross-Site Scripting vulnerability in Iisworks Aspknowledgebase 2.0 Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter. network iisworks | 4.3 |