Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-08-23 CVE-2005-2646 Denial-Of-Service vulnerability in Document Centre
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests.
network
low complexity
xerox
6.4
2005-08-23 CVE-2005-2643 Unspecified vulnerability in TOR
Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.
network
low complexity
tor
5.0
2005-08-23 CVE-2005-2640 Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
network
low complexity
neoteris juniper netscreen
5.0
2005-08-23 CVE-2005-2638 Cross-Site Scripting vulnerability in PHPfreenews 1.40
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
network
phpfreenews
4.3
2005-08-23 CVE-2005-2635 Local File Include vulnerability in phpPgAds
Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a ..
network
low complexity
phpadsnew phppgads
5.0
2005-08-23 CVE-2005-2459 Null Pointer Dereference vulnerability in multiple products
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.
network
low complexity
linux debian CWE-476
5.0
2005-08-23 CVE-2005-2458 Local Denial of Service vulnerability in Linux Kernel ZLib Invalid Memory Access
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables".
network
low complexity
linux
5.0
2005-08-23 CVE-2005-2457 Denial Of Service vulnerability in Linux Kernel ISO File System
The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system.
network
low complexity
linux
5.0
2005-08-23 CVE-2005-2099 Resource Management Errors vulnerability in Linux Kernel
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor.
network
low complexity
linux CWE-399
5.0
2005-08-23 CVE-2005-2098 Local Denial of Service vulnerability in Linux Kernel Session Keyring Allocation
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM.
network
low complexity
linux
5.0