Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-21 | CVE-2005-3725 | Information Disclosure vulnerability in Zyxel Prestige 2000W V.1Voip Wi-Fi Phone Wj.00.10 Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. | 6.4 |
| 2005-11-21 | CVE-2005-3724 | Information Exposure vulnerability in Zyxel products Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | 6.4 |
| 2005-11-21 | CVE-2005-3721 | Remote Security vulnerability in Ip5000 Voip Wifi Phone The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration. | 5.0 |
| 2005-11-21 | CVE-2005-3720 | Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6 The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions. | 5.0 |
| 2005-11-21 | CVE-2005-3719 | Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6 Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration. | 4.6 |
| 2005-11-21 | CVE-2005-3699 | Unspecified vulnerability in Opera Browser Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | 5.0 |
| 2005-11-20 | CVE-2005-3695 | Cross-Site Scripting vulnerability in Litespeed Technologies Litespeed web Server 2.1.5 Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. network litespeed-technologies | 4.3 |
| 2005-11-20 | CVE-2005-3530 | Cross-Site Scripting vulnerability in Antville 1.1 Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document. network antville | 4.3 |
| 2005-11-20 | CVE-2005-3529 | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.0/1.9.1/1.9.2 tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. | 5.0 |
| 2005-11-20 | CVE-2005-3528 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.0/1.9.1/1.9.2 Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter. | 4.3 |