Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-08-17 | CVE-2005-2598 | Directory Traversal vulnerability in Dokeos Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php. | 5.0 |
| 2005-08-17 | CVE-2005-2596 | Unspecified vulnerability in Gallery Project Gallery 1.3.4 User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. | 4.6 |
| 2005-08-17 | CVE-2005-2595 | HTML Injection vulnerability in Dada Mail Archives Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages. network dada-mail | 4.3 |
| 2005-08-17 | CVE-2005-2594 | Denial Of Service vulnerability in Apple Safari 1.3 Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. | 5.0 |
| 2005-08-17 | CVE-2005-2591 | Multiple Unspecified vulnerability in Parlano Mindalign 5.0 Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability. | 5.0 |
| 2005-08-17 | CVE-2005-2590 | Multiple Unspecified vulnerability in Parlano Mindalign 5.0 Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network parlano | 4.3 |
| 2005-08-17 | CVE-2005-2588 | Cross-Site Scripting vulnerability in Dvbbs 7.1/7.1Sp2 Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp. network dvbbs | 4.3 |
| 2005-08-17 | CVE-2005-2101 | Unspecified vulnerability in KDE langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. | 5.0 |
| 2005-08-16 | CVE-2005-2585 | Multiple vulnerability in Mentor Adslfr4Ii 2.00.0111 Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan. | 5.0 |
| 2005-08-16 | CVE-2005-2581 | Unspecified vulnerability in Grandstream Budgetone 101 and Budgetone 102 Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. | 5.0 |