Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-04 | CVE-2005-3131 | Cross-Site Scripting vulnerability in IceWarp Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the createdataCX parameter to (2) calendar_d.html, (3) calendar_m.html, or (4) calendar_w.html. | 4.3 |
| 2005-10-04 | CVE-2005-3129 | Cross-Site Request Forgery vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. | 5.1 |
| 2005-10-04 | CVE-2005-3128 | Cross-Site Scripting vulnerability in SquirrelMail Address Add Plugin 1.9/2.0 Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. network squirrelmail | 4.3 |
| 2005-10-04 | CVE-2005-3127 | Cross-Site Scripting vulnerability in Lucidcms 1.0.11 Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string. network lucidcms | 4.3 |
| 2005-10-04 | CVE-2005-2804 | Local Integer Overflow vulnerability in Novell Groupwise 6.5.3 Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key. | 5.0 |
| 2005-09-30 | CVE-2005-2917 | Denial Of Service vulnerability in Squid 2.5.9 Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). | 5.0 |
| 2005-09-30 | CVE-2005-3106 | Improper Locking vulnerability in multiple products Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. | 4.7 |
| 2005-09-28 | CVE-2005-3103 | Cross-Site Scripting vulnerability in SIX Apart Movable Type 3.16 Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form fields in new blog entries. network six-apart | 4.3 |
| 2005-09-28 | CVE-2005-3102 | The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root. | 5.0 |
| 2005-09-28 | CVE-2005-3101 | Information Disclosure vulnerability in SIX Apart Movable Type 3.17 The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | 5.0 |