Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-12-03 CVE-2005-3966 Cross-Site Scripting vulnerability in Java Search Engine 0.9.34
Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
4.3
2005-12-01 CVE-2005-3962 Numeric Errors vulnerability in Perl 5.8.6/5.9.2
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
local
low complexity
perl CWE-189
4.6
2005-12-01 CVE-2005-3961 File Corruption vulnerability in Webcalendar 1.0.1
export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter.
network
low complexity
webcalendar
5.0
2005-12-01 CVE-2005-3959 Cross-Site Scripting vulnerability in Freewebstat 1.0Rev37
Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.
network
freewebstat
4.3
2005-12-01 CVE-2005-3955 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddies v 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.
4.3
2005-12-01 CVE-2005-3954 Cross-Site Scripting vulnerability in Blogbuddies 0.3
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.
network
blogbuddies
4.3
2005-12-01 CVE-2005-3950 Remote Denial Of Service vulnerability in NuFW Malformed Packet
nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets.
network
low complexity
nufw
6.8
2005-12-01 CVE-2005-3948 Local File Include vulnerability in PHPAlbum
Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.
network
low complexity
phpalbum-net
5.0
2005-12-01 CVE-2005-3946 Improper Input Validation vulnerability in Opera Browser 8.50
Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class.
network
low complexity
opera CWE-20
5.0
2005-12-01 CVE-2005-3704 Multiple vulnerabilities in RETIRED: Apple Mac OS X Security Update 2005-009
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
network
low complexity
apple
5.0