Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-05 | CVE-2005-3502 | Information Disclosure vulnerability in Cerberus Helpdesk attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. | 5.0 |
| 2005-11-05 | CVE-2005-3501 | Resource Management Errors vulnerability in Clamav The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length. | 4.3 |
| 2005-11-05 | CVE-2005-3500 | Denial Of Service vulnerability in Clam Anti-Virus ClamAV TNEF File Handling The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. | 5.0 |
| 2005-11-05 | CVE-2005-2756 | Remote Buffer Overflow vulnerability in Apple QuickTime Compressed PICT Data Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion. | 5.1 |
| 2005-11-05 | CVE-2005-2754 | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes." | 5.1 |
| 2005-11-05 | CVE-2005-2753 | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string. | 5.1 |
| 2005-11-05 | CVE-2005-2628 | Unspecified vulnerability in Macromedia Flash Player Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. | 5.1 |
| 2005-11-04 | CVE-2005-3498 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information. | 4.3 |
| 2005-11-04 | CVE-2005-3496 | Cross-Site Scripting vulnerability in PHP Handicapper PHP Handicapper Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. | 4.3 |
| 2005-11-04 | CVE-2005-3494 | HTML Injection vulnerability in AR-Blog Comment Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment. network ar-blog | 4.3 |