Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-10-14 CVE-2005-3207 Remote Denial Of Service vulnerability in Oracle Forms Servlet TNS Listener
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.
network
low complexity
oracle
5.0
2005-10-14 CVE-2005-3206 Remote Denial Of Service vulnerability in Oracle Database Server 9.0.2.4
iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.
network
low complexity
oracle
5.0
2005-10-14 CVE-2005-3204 Cross-Site Scripting vulnerability in Oracle Application Server and Oracle9i
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
network
oracle
4.3
2005-10-14 CVE-2005-3203 Unspecified vulnerability in Oracle HTML DB 1.3/1.3.6
The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.
local
low complexity
oracle
4.6
2005-10-14 CVE-2005-3202 Cross-Site Scripting vulnerability in Oracle HTML DB 1.3/1.3.6
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.
network
oracle
6.8
2005-10-14 CVE-2005-3200 Cross-Site Scripting vulnerability in Utopia Software Utopia News Pro 1.1.3/1.1.4
Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.
network
utopia-software
4.3
2005-10-14 CVE-2005-3198 Local vulnerability in Webroot Software Desktop Firewall
Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands.
local
low complexity
webroot-software
4.6
2005-10-14 CVE-2005-3196 Unspecified vulnerability in Planet Technology Corp FGSW2402RS 1.2 Firmware
Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges.
local
low complexity
planet-technology-corp
4.6
2005-10-14 CVE-2005-3194 Archive Formats File Name Buffer Overflow vulnerability in Estsoft ALZip 5.52 English/6.12 Korean/6.1 International
Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.
network
high complexity
estsoft
5.1
2005-10-13 CVE-2005-2120 Buffer Overflow vulnerability in Microsoft Windows 2000 and Windows XP
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
network
low complexity
microsoft
6.5