Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-05 | CVE-2005-2141 | Denial-Of-Service vulnerability in Jollybox.De TCP Chat 1.0 TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow. | 5.0 |
| 2005-07-05 | CVE-2005-2140 | Directory Traversal vulnerability in Fsboard 2.0 Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter. | 5.0 |
| 2005-07-05 | CVE-2005-2139 | Remote Security vulnerability in Pavsta Auto Site PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. | 5.0 |
| 2005-07-05 | CVE-2005-2138 | Cross-Site Scripting vulnerability in Comdev Ecommerce 3.0/3.1 Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message. network comdev | 4.3 |
| 2005-07-05 | CVE-2005-2137 | Unspecified vulnerability in Nateon Messenger 3.0 Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors. | 5.0 |
| 2005-07-05 | CVE-2005-2115 | Denial-Of-Service vulnerability in Soldier Of Fortune 2 Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation. | 5.0 |
| 2005-07-05 | CVE-2005-2114 | Denial-Of-Service vulnerability in Firefox Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function. | 5.0 |
| 2005-07-05 | CVE-2005-2112 | Cross-Site Scripting vulnerability in Xoops Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. network xoops | 4.3 |
| 2005-07-05 | CVE-2005-2110 | Information Disclosure vulnerability in WordPress WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. | 5.0 |
| 2005-07-05 | CVE-2005-2109 | Denial-Of-Service vulnerability in WordPress wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. | 5.0 |