Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-16 | CVE-2005-3584 | Cross-Site Scripting vulnerability in PHPwebthings 1.4.4 Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter. network phpwebthings | 4.3 |
| 2005-11-16 | CVE-2005-3579 | Input Validation vulnerability in Walla TeleSite ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring. | 5.0 |
| 2005-11-16 | CVE-2005-3577 | Input Validation vulnerability in Walla TeleSite Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter. network walla-telesite | 4.3 |
| 2005-11-16 | CVE-2005-3576 | Input Validation vulnerability in Walla TeleSite ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter. | 5.0 |
| 2005-11-16 | CVE-2005-3574 | Remote Security vulnerability in Icms PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter. | 5.0 |
| 2005-11-16 | CVE-2005-3573 | Denial Of Service vulnerability in GNU Mailman Attachment Scrubber UTF8 Filename Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | 5.0 |
| 2005-11-16 | CVE-2005-3571 | Code Injection vulnerability in Codegrrl products PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. | 5.0 |
| 2005-11-16 | CVE-2005-3570 | Cross-Site Scripting vulnerability in Horde Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". | 4.3 |
| 2005-11-16 | CVE-2005-3569 | Denial of Service vulnerability in IBM DB2 Content Manager 8.2 INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. | 5.0 |
| 2005-11-16 | CVE-2005-3567 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Directory Server 5.2.0/6.0 slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors. | 5.8 |