Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-08-26 CVE-2005-2698 Cross-Site Scripting vulnerability in Nelogic Technologies Nephp Publisher Enterprise 3.04
Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter.
4.3
2005-08-26 CVE-2005-2696 Information Disclosure vulnerability in Lotus Notes
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
network
low complexity
ibm
5.0
2005-08-26 CVE-2005-2695 Unspecified vulnerability in Cisco products
Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).
network
low complexity
cisco
5.0
2005-08-26 CVE-2005-2693 Unspecified vulnerability in CVS 1.12.12
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
local
low complexity
cvs
4.6
2005-08-24 CVE-2005-2688 Cross-Site Scripting vulnerability in Savewebportal 3.4
Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or JavaScript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields.
network
savewebportal
4.3
2005-08-24 CVE-2005-2532 Denial Of Service vulnerability in OpenVPN Packet Decryption Failure
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet cannot be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that cannot be decrypted.
network
low complexity
openvpn
5.0
2005-08-24 CVE-2005-2531 Denial Of Service vulnerability in OpenVPN Failed Authentication
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
network
low complexity
openvpn
5.0
2005-08-24 CVE-2005-1843 Local Privilege Escalation vulnerability in Adobe Version Cue for Mac OS X
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument.
local
low complexity
adobe
4.6
2005-08-23 CVE-2005-2680 Security Bypass vulnerability in Oracle Weblogic Portal 8.1
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.
network
low complexity
oracle
5.0
2005-08-23 CVE-2005-2678 Unspecified vulnerability in Microsoft products
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
network
low complexity
microsoft
5.0