Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-07 | CVE-2005-2818 | Cross-Site Scripting vulnerability in Eric Fichot Downfile 1.3 Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php. | 4.3 |
| 2005-09-07 | CVE-2005-2817 | Information Disclosure vulnerability in Simple Machines Simple Machines Forum 1.0.5 Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. | 5.0 |
| 2005-09-07 | CVE-2005-2816 | Cross-Site Scripting vulnerability in Greymatter Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. network greymatter | 4.3 |
| 2005-09-07 | CVE-2005-2815 | Denial-Of-Service vulnerability in Flatnuke 2.5.6 print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1. | 6.4 |
| 2005-09-07 | CVE-2005-2814 | Cross-Site Scripting vulnerability in Flatnuke 2.5.6 Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php. network flatnuke | 4.3 |
| 2005-09-07 | CVE-2005-2813 | Directory Traversal vulnerability in Flatnuke 2.5.6 Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php. | 5.0 |
| 2005-09-07 | CVE-2005-2811 | Local Security vulnerability in Net-SNMP Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. | 4.6 |
| 2005-09-07 | CVE-2005-2796 | Remote Denial Of Service vulnerability in Squid Proxy SSLConnectTimeout The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. | 5.0 |
| 2005-09-07 | CVE-2005-2794 | Remote Denial Of Service vulnerability in Squid Proxy Aborted Requests store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. | 5.0 |
| 2005-09-06 | CVE-2005-2806 | Improper Input Validation vulnerability in Trevor Hogan Bnbt 7.5Betarelease2/7.5Betarelease3/7.720041027R3 client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers to cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error due to a missing field name or value. | 5.0 |