Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-06 | CVE-2005-2805 | Unspecified vulnerability in E107 0.603/0.616/0.617 forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. | 5.0 |
2005-09-06 | CVE-2005-2803 | Cross-Site Scripting vulnerability in Hiki 0.8.0/0.8.1/0.8.2 Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336. network hiki | 4.3 |
2005-09-06 | CVE-2005-2336 | Cross-Site Scripting vulnerability in Hiki 0.8.0/0.8.1/0.8.2 Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803. network hiki | 4.3 |
2005-09-06 | CVE-2005-2798 | Unspecified vulnerability in Openbsd Openssh sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. | 5.0 |
2005-09-06 | CVE-2005-2797 | Unspecified vulnerability in Openbsd Openssh 4.0 OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. | 5.0 |
2005-09-02 | CVE-2005-2792 | Path Traversal vulnerability in PHPldapadmin Project PHPldapadmin 0.9.6/0.9.7 Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-09-02 | CVE-2005-2791 | Remote vulnerability in BFCommand & Control Server Manager BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command. | 5.0 |
2005-09-02 | CVE-2005-2787 | Directory Traversal vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter. | 5.0 |
2005-09-02 | CVE-2005-2786 | Directory Traversal vulnerability in Cosmoshop 8.10.78 Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | 5.0 |
2005-09-02 | CVE-2005-2783 | Unspecified vulnerability in PHP Fusion PHP Fusion Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags. network php-fusion | 4.3 |