Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-24 | CVE-2005-3787 | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. network phpmyadmin | 4.3 |
2005-11-23 | CVE-2005-3786 | Remote Diagnostics Console One Unauthorized Access vulnerability in Novell ZENworks Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. | 4.6 |
2005-11-23 | CVE-2005-3785 | Unspecified vulnerability in Gentoo Linux EIX 0.3 Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program. | 5.0 |
2005-11-23 | CVE-2005-3781 | Remote Denial of Service vulnerability in Sun Solaris In.Named Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries." | 5.0 |
2005-11-23 | CVE-2005-3778 | Denial-Of-Service vulnerability in MyBulletinBoard Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors. | 5.0 |
2005-11-23 | CVE-2005-3777 | Remote Security vulnerability in Mybulletinboard Previewrelease2Rev686 MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form. | 5.0 |
2005-11-23 | CVE-2005-3776 | Cross-Site Scripting vulnerability in Mybulletinboard Previewrelease2Rev686 Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system. network mybulletinboard | 4.3 |
2005-11-23 | CVE-2005-3774 | Denial Of Service vulnerability in Cisco PIX 6.3/7.0 Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. | 5.0 |
2005-11-23 | CVE-2005-3771 | Input Validation vulnerability in Joomla Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF". network joomla | 4.3 |
2005-11-22 | CVE-2005-3767 | Unspecified vulnerability in Exponent Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files. | 5.0 |