Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2005-12-07 | CVE-2005-4046 | Man In The Middle vulnerability in SUN products | 4.0
Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy."
Access vector: network | Complexity: high | Vendor: sun

2005-12-07 | CVE-2005-3191 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf | 5.1
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
Access vector: network | Complexity: high | Vendor: xpdf | CWE-119

2005-12-07 | CVE-2005-2923 | Improper Input Validation vulnerability in Ipswitch Imail Server and Ipswitch Collaboration Suite | 4.0
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
Access vector: network | Complexity: low | Vendor: ipswitch | CWE-20

2005-12-07 | CVE-2005-3193 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf | 5.1
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.
Access vector: network | Complexity: high | Vendor: xpdf | CWE-119

2005-12-06 | CVE-2005-4044 | Cross-Site Scripting vulnerability in Amazon Search Directory | 4.3
Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter.
Access vector: network | Vendor: mr-cgi-guy

2005-12-06 | CVE-2005-4042 | Cross-Site Scripting vulnerability in MR. CGI GUY Warm Links 1.0.0 | 4.3
Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi.
Access vector: network | Vendor: mr-cgi-guy

2005-12-06 | CVE-2005-4041 | Software Search.CGI Cross-Site Scripting vulnerability in Mr CGI Guy | 4.3
Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string.
Access vector: network | Vendor: mr-cgi-guy

2005-12-06 | CVE-2005-4036 | Cross-Site Scripting vulnerability in Web4Future Keyword Frequency Counter 1.0 | 4.3
Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL."
Access vector: network | Vendor: web4future

2005-12-06 | CVE-2005-4033 | Unspecified vulnerability in ALI Bousahid Nodezilla | 5.0
Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow its contents to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remote attackers to obtain sensitive information.
Access vector: network | Complexity: low | Vendor: ali-bousahid

2005-12-06 | CVE-2005-4032 | Cross-Site Scripting vulnerability in Easy Search System Search.cgi | 4.3
Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Access vector: network | Vendor: hotcgiscripts