Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-12-01 CVE-2005-3702 Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
network
low complexity
apple
5.0
2005-12-01 CVE-2005-3700 Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
local
low complexity
apple
4.6
2005-11-30 CVE-2005-3929 Directory Traversal vulnerability in Xaraya
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.
network
low complexity
xaraya
5.0
2005-11-30 CVE-2005-3928 Local Buffer Overflow vulnerability in QNX Rtos 6.2.1/6.3.0
Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument.
local
low complexity
qnx
4.6
2005-11-30 CVE-2005-3927 Local File Include and Information Disclosure vulnerability in GuppY
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
network
low complexity
guppy
6.4
2005-11-30 CVE-2005-3923 Information Disclosure vulnerability in Netobjects Fusion 9
NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site.
network
low complexity
netobjects
5.0
2005-11-30 CVE-2005-3919 HTML Injection vulnerability in PBLang Bulletin Board System
Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php.
network
pblang
4.3
2005-11-30 CVE-2005-3914 SQL Injection vulnerability in Affcommerce 1.1.4
Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.
network
low complexity
affcommerce
6.4
2005-11-30 CVE-2005-3913 Remote Security vulnerability in Vchs 2.4.6.2
Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the forwardings of other users.
network
low complexity
vchs
5.0
2005-11-30 CVE-2005-3910 Directory Traversal vulnerability in Post Affiliate PRO Post Affiliate PRO 2.0.4
merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.
network
low complexity
post-affiliate-pro
5.0