Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-07-27 CVE-2005-2335 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fetchmail
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses.
network
low complexity
fetchmail CWE-119
5.0
2005-07-26 CVE-2005-2381 Information Disclosure vulnerability in PHP Surveyor PHP Surveyor 0.98
PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message.
network
low complexity
php-surveyor
5.0
2005-07-26 CVE-2005-2380 Cross-Site Scripting vulnerability in PHP Surveyor PHP Surveyor 0.98
Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php.
network
low complexity
php-surveyor
5.0
2005-07-26 CVE-2005-2379 Cross-Site Scripting vulnerability in Oracle Reports 9.0.2
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
network
oracle
4.3
2005-07-26 CVE-2005-2378 Path Traversal vulnerability in Oracle Reports
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet.
network
low complexity
oracle CWE-22
5.0
2005-07-26 CVE-2005-2377 Denial-Of-Service vulnerability in Mandrakesoft Mandrake Linux and Mandrake Linux Corporate Server
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable.
network
low complexity
mandrakesoft
5.0
2005-07-26 CVE-2005-2376 Denial-Of-Service vulnerability in Toca Race Driver
Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message.
network
low complexity
codemasters
5.0
2005-07-26 CVE-2005-2375 Denial-Of-Service vulnerability in Toca Race Driver
Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message.
network
low complexity
codemasters
5.0
2005-07-26 CVE-2005-2371 Path Traversal vulnerability in Oracle Reports
Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter.
network
low complexity
oracle CWE-22
5.0
2005-07-26 CVE-2005-2370 Resource Management Errors vulnerability in multiple products
Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allow remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
network
low complexity
ekg rob-flynn CWE-399
5.0