Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-09-08 CVE-2005-2853 HTML Injection vulnerability in GuppY 4.5/4.5.3/4.5.3a
Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php.
network
guppy
4.3
2005-09-08 CVE-2005-2852 Denial-of-Service vulnerability in Novell Netware 5.1/6.0/6.5
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
network
low complexity
novell
5.0
2005-09-08 CVE-2005-2850 Denial-of-Service vulnerability in Whitsoft Development SlimFTPd 3.17
SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error.
network
low complexity
whitsoft-development
5.0
2005-09-08 CVE-2005-2849 Remote Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.16/3.1.17
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.
network
low complexity
barracuda-networks
6.4
2005-09-08 CVE-2005-2848 Remote Directory Traversal vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.16/3.1.17
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a ..
network
low complexity
barracuda-networks
5.0
2005-09-08 CVE-2005-2845 Information Disclosure vulnerability in Ariba Spend Management Solutions
Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.
network
low complexity
ariba
5.0
2005-09-08 CVE-2005-2020 Unspecified vulnerability in 3Com 3C15100D 5.0.2
Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.
network
low complexity
3com
5.0
2005-09-07 CVE-2005-2839 Cross-Site Scripting vulnerability in MAXdev MD-Pro 1.0.72
Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php.
network
maxdev
4.3
2005-09-07 CVE-2005-2836 Cross-Site Scripting vulnerability in Phorum
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php.
network
phorum
4.3
2005-09-07 CVE-2005-2820 Unspecified vulnerability in Inter7 SqWebMail 5.0.4
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".
network
inter7
4.3