Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-11-30 CVE-2005-3908 Cross-Site Scripting vulnerability in Amazon Shop
Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter.
4.3
2005-11-29 CVE-2005-3902 Cross-Site Scripting vulnerability in Virtual Hosting Control System Error Message
Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script.
4.3
2005-11-29 CVE-2005-3899 Denial-Of-Service vulnerability in Talk
The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.
network
high complexity
google
5.4
2005-11-29 CVE-2005-3895 Unspecified vulnerability in Otrs
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML.
network
otrs
5.8
2005-11-29 CVE-2005-3894 Unspecified vulnerability in Otrs
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
network
otrs
4.3
2005-11-29 CVE-2005-3892 Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20
Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
network
low complexity
gadu-gadu
5.0
2005-11-29 CVE-2005-3887 Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20
Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of "AUX:" sent twice, or (2) write to the LPT1 port via a filename of "LPT1:".
network
high complexity
gadu-gadu
5.4
2005-11-29 CVE-2005-3883 Unspecified vulnerability in PHP
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
network
low complexity
php
5.0
2005-11-29 CVE-2005-3878 Local File Include vulnerability in PHP Doc System
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a ..
network
low complexity
alex-king
6.4
2005-11-29 CVE-2005-3869 Products Cross-Site Scripting vulnerability in Google API Search 1.3.1
Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.
network
google
4.3