Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-04 | CVE-2005-3982 | Unspecified vulnerability in Webcalendar 1.0.1 CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests. | 5.0 |
2005-12-03 | CVE-2005-3979 | Improper Authentication vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4/1.4.2 relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | 5.0 |
2005-12-03 | CVE-2005-3977 | Cross-Site Scripting vulnerability in Qualityebiz Qualityppc 1553 Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module. network qualityebiz | 4.3 |
2005-12-03 | CVE-2005-3975 | HTML Injection vulnerability in Drupal Image Upload Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. | 4.0 |
2005-12-03 | CVE-2005-3974 | Unspecified vulnerability in Drupal Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. | 6.4 |
2005-12-03 | CVE-2005-3973 | HTML Injection vulnerability in Drupal Submitted Content Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist. network drupal | 4.3 |
2005-12-03 | CVE-2005-3972 | Cross-Site Scripting vulnerability in Extreme Corporate Extremesearch.PHP Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. network extreme-corporate | 4.3 |
2005-12-03 | CVE-2005-3971 | Applications Login Form Cross-Site Scripting vulnerability in Citrix Metaframe Secure Access Manager and Nfuse Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. network citrix | 4.3 |
2005-12-03 | CVE-2005-3970 | Input Validation vulnerability in MXChange Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network mxchange | 4.3 |
2005-12-03 | CVE-2005-3967 | Cross-Site Scripting vulnerability in Atlassian Confluence 2.0.1Build321 Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. network atlassian | 4.3 |