Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-14 | CVE-2005-2897 | Information Disclosure vulnerability in Stylemotion web News 1.4 WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php. | 5.0 |
| 2005-09-14 | CVE-2005-2895 | Information Disclosure vulnerability in Pblang 4.65 setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message. | 5.0 |
| 2005-09-14 | CVE-2005-2894 | HTML Injection vulnerability in Pblang 4.65 Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. network pblang | 4.3 |
| 2005-09-14 | CVE-2005-2892 | Directory Traversal vulnerability in Pblang 4.65 Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter. | 5.0 |
| 2005-09-14 | CVE-2005-2891 | Unspecified vulnerability in Csystems Webarchivex 5.5.0.76 WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods. | 6.4 |
| 2005-09-14 | CVE-2005-2890 | Unspecified vulnerability in Secureol VE2 1.05.1008 SecureOL VE2 1.05.1008 does not properly restrict public access to physical memory, which allows local users to bypass intended restrictions and gain access to the secured environment via direct access to the PhysicalMemory device. | 4.6 |
| 2005-09-14 | CVE-2005-2887 | Information Disclosure vulnerability in Maxdev Md-Pro 1.0.73 MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message. | 5.0 |
| 2005-09-14 | CVE-2005-2886 | Cross-Site Scripting vulnerability in MAXdev MD-Pro Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php. network maxdev | 4.3 |
| 2005-09-14 | CVE-2005-2884 | HTML Injection vulnerability in Land Down Under Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event. network neocrome | 4.3 |
| 2005-09-14 | CVE-2005-2882 | Remote Cross-Site Scripting vulnerability in PHPcommunitycalendar 4.0/4.0.1/4.0.3 Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors. network phpcommunitycalendar | 4.3 |