Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-08-30 | CVE-2005-2734 | Unspecified vulnerability in Gallery Project Gallery Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. network gallery-project | 4.3 |
2005-08-30 | CVE-2005-2732 | Information Disclosure vulnerability in AWStats AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. | 5.0 |
2005-08-30 | CVE-2005-2730 | Information Disclosure vulnerability in Astaro Security Linux 6.001 The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message. | 5.0 |
2005-08-30 | CVE-2005-2727 | Multiple vulnerability in ARI Pikivirta Home FTP Server 1.0.7B45 Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory as the user's home directory, which allows remote authenticated users to obtain sensitive information by obtaining ftpmembers.lst and ftpsettings.lst. | 5.0 |
2005-08-30 | CVE-2005-2726 | Multiple vulnerability in ARI Pikivirta Home FTP Server 1.0.7B45 Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:\" (Windows drive letter) sequences in commands such as (1) LIST or (2) RETR. | 5.0 |
2005-08-30 | CVE-2005-2724 | Unspecified vulnerability in Inter7 Sqwebmail Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. network inter7 | 4.3 |
2005-08-30 | CVE-2005-2722 | Information Disclosure vulnerability in PHP Weblog Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message. | 5.0 |
2005-08-30 | CVE-2005-2721 | Html Injection vulnerability in Foojan PHPWeblog Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header. network foojan | 4.3 |
2005-08-30 | CVE-2005-2719 | Denial Of Service vulnerability in Ventrilo Status Requests Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784. | 5.0 |
2005-08-26 | CVE-2005-2699 | File-Upload vulnerability in PHPkit 1.6.1 Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. | 4.6 |