Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-08-23 | CVE-2005-2677 | Information Disclosure vulnerability in ACNews ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server. | 5.0 |
2005-08-23 | CVE-2005-2676 | Unspecified vulnerability in Coppermine Photo Gallery Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. network coppermine | 4.3 |
2005-08-23 | CVE-2005-2670 | Directory Traversal vulnerability in HAURI Anti-Virus Compressed Files Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files. | 5.0 |
2005-08-23 | CVE-2005-2667 | Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability." | 5.0 |
2005-08-23 | CVE-2005-2653 | HTML Injection vulnerability in Bbcaffe 2.0 Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message. network bbcaffe | 4.3 |
2005-08-23 | CVE-2005-2652 | Remote Security vulnerability in PHPoutsourcing Zorum 3.5 Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php. | 5.0 |
2005-08-23 | CVE-2005-2650 | HTML Injection vulnerability in Emefa Guestbook 1.2 Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. network emefa | 4.3 |
2005-08-23 | CVE-2005-2649 | Cross-Site Scripting vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php. | 4.3 |
2005-08-23 | CVE-2005-2648 | Directory Traversal vulnerability in W-Agora 4.2 Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. | 5.0 |
2005-08-23 | CVE-2005-2647 | Cross-Site Scripting vulnerability in Document Centre Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors. network xerox | 4.3 |