Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-26 | CVE-2005-3831 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Speedproject Speedcommander, Squeez and Zipstar: Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename. | 5.1 |
2005-11-26 | CVE-2005-3830 | Directory Traversal vulnerability in ActiveCampaign SupportTrio: index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability. | 5.0 |
2005-11-26 | CVE-2005-3824 | Input Validation vulnerability in VTiger CRM: The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. | 5.0 |
2005-11-26 | CVE-2005-3821 | Input Validation vulnerability in VTiger CRM: Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. | 4.3 |
2005-11-26 | CVE-2005-3820 | Input Validation vulnerability in VTiger CRM: Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. | 6.4 |
2005-11-26 | CVE-2005-3818 | Input Validation vulnerability in VTiger CRM: Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. | 4.3 |
2005-11-26 | CVE-2005-3813 | Remote Denial of Service vulnerability in MailEnable IMAP Rename Request: IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690. | 4.0 |
2005-11-26 | CVE-2005-3812 | Denial Of Service vulnerability in Freeftpd 1.0.10: freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments. | 6.8 |
2005-11-25 | CVE-2005-3811 | Unspecified vulnerability in Amax Information Technologies Magic Winmail Server: Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter. | 5.0 |
2005-11-25 | CVE-2005-3808 | Local Integer Overflow vulnerability in Linux Kernel INVALIDATE_INODE_PAGES2: Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system. | 4.9 |