Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-04 | CVE-2005-3493 | Remote Denial of Service vulnerability in Battle Carry Battle Carry .005 and earlier allows remote attackers to cause a denial of service (inaccessible port) via a large packet, which triggers a socket error and terminates the socket that is listening on the server's UDP port. | 5.0 |
| 2005-11-04 | CVE-2005-3492 | Remote Buffer Overflow And Denial Of Service vulnerability in Johannes F. Kuhlmann Flatfrag 0.3 FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference. | 5.0 |
| 2005-11-04 | CVE-2005-3490 | Directory Traversal vulnerability in Asus VideoSecurity Online Web Server Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL. | 5.0 |
| 2005-11-03 | CVE-2005-3484 | Directory Traversal vulnerability in Nero Neronet 1.2.0.2 Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences. | 5.0 |
| 2005-11-03 | CVE-2005-3482 | Unspecified vulnerability in Cisco Aironet Ap1131, Aironet Ap1200 and Aironet Ap1240 Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host. | 5.0 |
| 2005-11-03 | CVE-2005-3480 | Remote Security vulnerability in Ringtail Casebook 6.1.0 login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | 5.0 |
| 2005-11-03 | CVE-2005-3479 | Cross-Site Scripting vulnerability in Ringtail Casebook 6.1.0 Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter. network ringtail | 4.3 |
| 2005-11-03 | CVE-2005-3477 | HTML Injection vulnerability in Invision Power Services Invision Gallery 2.0.3 Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. network invision-power-services | 4.3 |
| 2005-11-03 | CVE-2005-3474 | Local Security vulnerability in First4internet Xcp Content Management The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP. | 4.6 |
| 2005-11-03 | CVE-2005-3473 | Input Validation vulnerability in Alexander Palmo Simple PHP Blog 0.4.5 Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php. network alexander-palmo | 4.3 |