Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2005-10-30 CVE-2005-3372 Unspecified vulnerability in Broadcom Etrust Antivirus 7.0.1.4
Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
network | high complexity | broadcom | 5.1

2005-10-30 CVE-2005-3371 Unspecified vulnerability in Grisoft AVG Antivirus 7.0.323
Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
network | high complexity | grisoft | 5.1

2005-10-30 CVE-2005-3370 Unspecified vulnerability in Arcavir 2005 20050621
Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
network | high complexity | arcavir | 5.1

2005-10-30 CVE-2005-3368 HTML Injection vulnerability in Search Enhanced Search Enhanced 1.1/2.0
Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
network | search-enhanced | 4.3

2005-10-30 CVE-2005-3367 HTML Injection vulnerability in Sparkleblog 2.1
Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.
network | sparkleblog | 4.3

2005-10-30 CVE-2005-3366 Remote File Include vulnerability in PHP ICalendar Default_View
PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie.
network | php-icalendar | 6.8

2005-10-28 CVE-2005-2930 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in JED Wing CHM LIB
Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318.
network | high complexity | jed-wing CWE-119 | 5.1

2005-10-28 CVE-2005-3361 Unspecified vulnerability in Flatnuke 2.5.6
Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.
network | flatnuke | 4.3

2005-10-27 CVE-2005-3338 Remote vulnerability in Mantis
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
network | low complexity | mantis | 5.0

2005-10-27 CVE-2005-3337 Cross-Site Scripting vulnerability in Mantis
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
network | mantis | 4.3