Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2005-09-20 | CVE-2005-2982 | Cross-Site Scripting vulnerability in Compaq Compaqhttpserver 2.1
Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.
network, compaq, 4.3

2005-09-20 | CVE-2005-2981 | Cross-Site Scripting vulnerability in Orionserver Orion Application Server 1.3.8/1.4.5
Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.
4.3

2005-09-16 | CVE-2005-2956 | Remote Information Disclosure vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
network, low complexity, adaptive-technology-resource-centre, 5.0

2005-09-16 | CVE-2005-2955 | Local Security vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.
4.6

2005-09-16 | CVE-2005-2953 | Cross-Site Scripting vulnerability in Miva Merchant 5.0
Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.
network, miva, 4.3

2005-09-16 | CVE-2005-2952 | Remote Directory Traversal vulnerability in Subscribe Me Pro S.PL
Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a ..
network, low complexity, subscribe-me-pro, 5.0

2005-09-16 | CVE-2005-2950 | Cross-Site Scripting vulnerability in Sawmill
Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.
network, sawmill, 4.3

2005-09-16 | CVE-2005-2947 | Local Privilege Escalation vulnerability in KillProcess
Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource.
network, high complexity, killprocess, 5.1

2005-09-16 | CVE-2005-2657 | Unspecified vulnerability in Common-Lisp-Controller 4.18
Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before.
local, low complexity, common-lisp-controller, 4.6

2005-09-16 | CVE-2005-2944 | Local Security vulnerability in Brent ELY Gnome Workstation Command Center 0.9.8
The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file.
local, low complexity, brent-ely, 4.6