Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-06 | CVE-2005-3171 | Local Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. | 4.6 |
| 2005-10-06 | CVE-2005-3169 | Remote Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection. | 5.0 |
| 2005-10-06 | CVE-2005-3167 | Cross-Site Scripting vulnerability in MediaWiki HTML Inline Style Attributes Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks. network mediawiki | 4.3 |
| 2005-10-06 | CVE-2005-3166 | Denial-Of-Service vulnerability in Mediawiki Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. | 5.0 |
| 2005-10-06 | CVE-2005-3165 | Unspecified vulnerability in Mediawiki Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. network mediawiki | 4.3 |
| 2005-10-06 | CVE-2005-3163 | Unspecified vulnerability in Polipo Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root. | 5.0 |
| 2005-10-05 | CVE-2005-3156 | Unspecified vulnerability in Easyguppy 4.5.4/4.5.5 Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal. network easyguppy | 4.3 |
| 2005-10-05 | CVE-2005-3152 | Cross-Site Scripting vulnerability in Devellion Cubecart 3.0.3/3.0.7Pl1 Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. network devellion | 4.3 |
| 2005-10-05 | CVE-2005-3149 | Unspecified vulnerability in UIM Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges. | 4.6 |
| 2005-10-05 | CVE-2005-3148 | Local Security vulnerability in storeBackup StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership. | 4.6 |