Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-11 | CVE-2005-2209 | Cleartext Storage of Sensitive Information vulnerability in Capturix Scanshare 1.06 Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | 5.5 |
| 2005-07-11 | CVE-2005-2208 | Denial-Of-Service vulnerability in Privashare 1.1B PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | 5.0 |
| 2005-07-11 | CVE-2005-2207 | Cross-Site Scripting vulnerability in CartWIZ Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. network elemental-software | 4.3 |
| 2005-07-11 | CVE-2005-2204 | Unspecified vulnerability in Broadcom Etrust Siteminder 5.5 Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors. network broadcom | 4.3 |
| 2005-07-11 | CVE-2005-2202 | Cross-Site Scripting vulnerability in Xerox Workcentre 2128, Workcentre 2636 and Workcentre 3545 Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network xerox | 4.3 |
| 2005-07-11 | CVE-2005-2201 | Denial-Of-Service vulnerability in Xerox Workcentre 2128, Workcentre 2636 and Workcentre 3545 Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests. | 6.4 |
| 2005-07-11 | CVE-2005-2192 | Remote Security vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. | 5.0 |
| 2005-07-11 | CVE-2005-2191 | Input Validation And Information Disclosure vulnerability in Comersus BackOffice Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp. network comersus-open-technologies | 4.3 |
| 2005-07-11 | CVE-2005-2189 | Information Disclosure vulnerability in Lantronix Securelinx 2.0/3.0 Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys. | 5.0 |
| 2005-07-11 | CVE-2005-2187 | Local Security vulnerability in IntruShield Security Management System McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp. | 4.6 |