Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-03 | CVE-2005-3472 | Information Disclosure vulnerability in SUN Java System Communications Express 2004Q2/2005Q1 Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files. | 5.0 |
2005-11-02 | CVE-2005-3471 | Directory Traversal vulnerability in MailWatch for MailScanner Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files. | 5.0 |
2005-11-02 | CVE-2005-3468 | Directory Traversal vulnerability in F-Secure Anti-Virus and Internet Gatekeeper Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files. | 5.0 |
2005-11-02 | CVE-2005-3467 | Improper Input Validation vulnerability in Solarwinds Serv-U File Server Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. | 5.0 |
2005-11-02 | CVE-2005-3436 | HTML Injection vulnerability in Nuked-Klan 1.7 Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox. network nuked-klan | 4.3 |
2005-11-02 | CVE-2005-3433 | Remote Security vulnerability in ICQ Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | 5.1 |
2005-11-02 | CVE-2005-3432 | Authentication Bypass vulnerability in Thomas Rybak Minigal 2 0.5.1/B13 MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all. | 5.0 |
2005-11-02 | CVE-2005-3431 | Information Disclosure vulnerability in Rockliffe MailSite Express Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition. | 5.0 |
2005-11-02 | CVE-2005-3429 | Cross-Site Scripting vulnerability in Rockliffe Mailsite Express 6.1.20 Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities. network rockliffe | 4.3 |
2005-11-02 | CVE-2005-3428 | Cross-Site Scripting vulnerability in MailSite Express Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body. network rockliffe | 4.3 |