Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-08-05 CVE-2005-2480 Cross-Site Scripting vulnerability in Macromedia Coldfusion Fusebox 4.1.0
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.
network
macromedia
4.3
2005-08-05 CVE-2005-2479 Denial of Service vulnerability in Pablo Software Solutions Quick N Easy FTP Server 3.0
Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash or CPU consumption) via a long USER command.
network
low complexity
pablo-software-solutions
5.0
2005-08-05 CVE-2005-2477 SQL Injection vulnerability in Naxtor Shopping Cart 1.0
shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability.
network
low complexity
naxtor
5.0
2005-08-05 CVE-2005-2476 Cross-Site Scripting vulnerability in Naxtor Shopping Cart 1.0
Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
network
naxtor
4.3
2005-08-05 CVE-2005-2474 Denial-Of-Service vulnerability in ChurchInfo
ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.
network
low complexity
churchinfo
5.0
2005-08-05 CVE-2005-2472 Remote Buffer Overflow vulnerability in Netcplus Businessmail 4.60.00
Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.
network
low complexity
netcplus
5.0
2005-08-05 CVE-2005-2359 Authentication Constant Key Usage vulnerability in BSD IPsec Session AES-XCBC-MAC
The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.
network
low complexity
freebsd
5.0
2005-08-04 CVE-2005-2456 Improper Locking vulnerability in multiple products
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
local
low complexity
linux debian CWE-667
5.5
2005-08-04 CVE-2005-2455 Remote Information Disclosure vulnerability in Greasemonkey 0.3.3
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
network
low complexity
greasemonkey
5.0
2005-08-04 CVE-2005-2453 Cross-Site Scripting vulnerability in NetworkActiv Web Server
Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string.
network
networkactiv
4.3