Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-17 | CVE-2005-3647 | Local Security vulnerability in Folder Guard Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory. | 4.6 |
2005-11-17 | CVE-2005-3645 | Information Exposure vulnerability in multiple products phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php. | 5.0 |
2005-11-16 | CVE-2005-3636 | Cross-Site Scripting vulnerability in SAP web Application Server 6.10 Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. network sap | 4.3 |
2005-11-16 | CVE-2005-3635 | Cross-Site Scripting vulnerability in SAP Web Application Server Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. network sap | 4.3 |
2005-11-16 | CVE-2005-3634 | Unspecified vulnerability in SAP web Application Server frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | 5.0 |
2005-11-16 | CVE-2005-3633 | Unspecified vulnerability in SAP web Application Server HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | 5.0 |
2005-11-16 | CVE-2005-3622 | Remote Security vulnerability in phpMyAdmin phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. | 5.0 |
2005-11-16 | CVE-2005-3621 | Unspecified vulnerability in PHPmyadmin CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. | 5.0 |
2005-11-16 | CVE-2005-3594 | Remote Security vulnerability in e107 game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. | 5.0 |
2005-11-16 | CVE-2005-3592 | Remote Security vulnerability in CuteNews index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter. | 5.0 |