Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-16 | CVE-2005-3566 | Local Buffer Overflow vulnerability in VERITAS Cluster Server for UNIX Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew. | 4.3 |
2005-11-16 | CVE-2005-3559 | Unspecified vulnerability in Digium Asterisk Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. | 5.0 |
2005-11-16 | CVE-2005-3557 | Input Validation vulnerability in PHPList Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. | 5.0 |
2005-11-16 | CVE-2005-3556 | Input Validation vulnerability in PHPList Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php. network tincan | 4.3 |
2005-11-16 | CVE-2005-3555 | Input Validation vulnerability in PHPList Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. | 6.5 |
2005-11-16 | CVE-2005-3554 | Code Injection vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | 5.1 |
2005-11-16 | CVE-2005-3552 | Cross-Site Scripting vulnerability in PHPkit Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook. | 4.3 |
2005-11-16 | CVE-2005-3551 | Information Disclosure vulnerability in Toendacms toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file. | 5.0 |
2005-11-16 | CVE-2005-3550 | Directory Traversal vulnerability in toendaCMS Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. | 5.0 |
2005-11-16 | CVE-2005-3549 | Remote Security vulnerability in Invision Power Services Invision Board 2.0.1 Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now". | 6.5 |