Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-07-05 | CVE-2005-2107 | Cross-Site Scripting vulnerability in WordPress Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. network wordpress | 4.3 |
2005-07-05 | CVE-2005-2106 | Unspecified vulnerability in Drupal Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | 5.0 |
2005-07-05 | CVE-2005-2094 | Cross-Site Scripting vulnerability in SUN ONE web Server 6.1 Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network sun | 4.3 |
2005-07-05 | CVE-2005-2093 | Unspecified vulnerability in Oracle Application Server 9.0.2 Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network oracle | 4.3 |
2005-07-05 | CVE-2005-2092 | Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1 BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network bea | 4.3 |
2005-07-05 | CVE-2005-2091 | Cross-Site Scripting vulnerability in Websphere Application Server 5.0/5.1.0 IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network ibm | 4.3 |
2005-07-05 | CVE-2005-2087 | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). | 5.0 |
2005-07-05 | CVE-2005-2085 | Denial-Of-Service vulnerability in Infradig Systems Inframail Advantage Server6.0/Server6.7 Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | 5.0 |
2005-07-05 | CVE-2005-2084 | Cross-Site Scripting vulnerability in Community Server Forums Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter. network telligent-systems | 4.3 |
2005-07-05 | CVE-2005-2083 | Denial-Of-Service vulnerability in Ia Emailserver Format string vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 build 1051 allows remote attackers to cause a denial of service (application crash) via a LIST command with format string specifiers as the second argument. | 5.0 |