Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-08-10 CVE-2005-2539 Cross-Site Scripting vulnerability in Flatnuke 2.5.5
Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post.
network
flatnuke
4.3
2005-08-10 CVE-2005-2538 Denial-Of-Service vulnerability in Flatnuke 2.5.5
FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.
network
low complexity
flatnuke
5.0
2005-08-10 CVE-2005-2537 Information Disclosure vulnerability in Flatnuke 2.5.5
FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to obtain sensitive information via a direct request to structure.php.
network
low complexity
flatnuke
5.0
2005-08-10 CVE-2005-1990 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
network
high complexity
microsoft
5.1
2005-08-10 CVE-2005-1988 Unspecified vulnerability in Microsoft IE and Internet Explorer
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
network
high complexity
microsoft
5.1
2005-08-10 CVE-2005-1218 Remote Desktop Protocol Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
network
low complexity
microsoft
5.0
2005-08-07 CVE-2005-2488 Cross-Site Scripting vulnerability in Web Content Management
Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
4.3
2005-08-07 CVE-2005-2485 Cross-Site Scripting vulnerability in Logicampus 1.1.0
Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
logicampus
4.3
2005-08-07 CVE-2005-2482 Unspecified vulnerability in Metasploit Framework
The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
network
low complexity
metasploit
5.0
2005-08-05 CVE-2005-2481 Information Disclosure vulnerability in Macromedia Coldfusion Fusebox 4.1.0
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.
network
low complexity
macromedia
5.0