Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-10-23 | CVE-2005-3294 | Resource Management Errors vulnerability in Typsoft FTP Server Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. | 5.0 |
2005-10-23 | CVE-2005-3293 | Input Validation vulnerability in Xerver 4.17H Xerver 4.17 allows remote attackers to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character. | 5.0 |
2005-10-23 | CVE-2005-3292 | HTML Injection vulnerability in Xeobook 0.93 Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>. network xeobook | 4.3 |
2005-10-23 | CVE-2005-3291 | Unspecified vulnerability in Stani Stanis Python Editor 0.7.5 Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files. | 4.6 |
2005-10-23 | CVE-2005-3287 | Remote Security vulnerability in MailSite Express Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory. | 5.0 |
2005-10-23 | CVE-2005-3285 | Cross-Site Scripting vulnerability in Comersus BackOffice Plus Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters. network comersus-open-technologies | 4.3 |
2005-10-23 | CVE-2005-3283 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-10-23 | CVE-2005-3281 | Directory Traversal vulnerability in Nukefixes 3.1 Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter. | 5.0 |
2005-10-21 | CVE-2005-2118 | Remote Code Execution Variant vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122. | 5.1 |
2005-10-21 | CVE-2005-2117 | Unspecified vulnerability in Microsoft products Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code. | 5.1 |