Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-14 | CVE-2005-2490 | Local Buffer Overflow vulnerability in Linux Kernel Sendmsg() Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread. | 4.6 |
2005-09-13 | CVE-2005-2874 | Unspecified vulnerability in Easy Software products Cups The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. | 5.0 |
2005-09-08 | CVE-2005-2869 | Unspecified vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. network phpmyadmin | 4.3 |
2005-09-08 | CVE-2005-2866 | Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges. | 4.6 |
2005-09-08 | CVE-2005-2863 | Cross-Site Scripting vulnerability in Open Webmail Open Webmail 2.41 Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. network open-webmail | 4.3 |
2005-09-08 | CVE-2005-2861 | HTML Injection vulnerability in N-Stalker N-Stealth Commercial5.8/Free5.8 Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. network n-stalker | 4.3 |
2005-09-08 | CVE-2005-2860 | HTML Injection vulnerability in Multiple Vendor Web Vulnerability Scanners Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. network nikto | 4.3 |
2005-09-08 | CVE-2005-2859 | Local Security vulnerability in Savant Webserver 3.1 Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges. | 4.6 |
2005-09-08 | CVE-2005-2855 | HTML Injection vulnerability in Unclassified Newsboard Unclassified Newsboard 1.5.3 Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field. network unclassified-newsboard | 4.3 |
2005-09-08 | CVE-2005-2854 | Unspecified vulnerability in Thesitewizard.Com Chfeedback.Pl Feedback Form Perl Script 2.0.1 CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers. | 5.0 |