Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-06-09 | CVE-2005-1898 | Information Disclosure vulnerability in PHPThumb Arbitrary File The passthrough functionality in phpThumb.php in phpThumb() before 1.5.4 allows remote attackers to read files that are not images. | 5.0 |
2005-06-09 | CVE-2005-1896 | Directory Traversal vulnerability in Flatnuke 2.5.3 Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | 5.0 |
2005-06-09 | CVE-2005-1895 | Cross-Site Scripting vulnerability in Flatnuke 2.5.3 Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php. network flatnuke | 4.3 |
2005-06-09 | CVE-2005-1893 | Information Disclosure vulnerability in Flatnuke 2.5.3 FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message. | 5.0 |
2005-06-09 | CVE-2005-1887 | Local Security vulnerability in SUN Solaris 10.0 Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges. | 4.6 |
2005-06-09 | CVE-2005-1886 | Cross-Site Scripting vulnerability in Yapig 0.92B/0.93U/0.94U Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment. network yapig | 4.3 |
2005-06-09 | CVE-2005-1884 | Directory Traversal vulnerability in Yapig 0.92B/0.93U/0.94U Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. | 6.4 |
2005-06-09 | CVE-2005-1883 | Remote Security vulnerability in Yapig 0.92B global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter. | 5.0 |
2005-06-09 | CVE-2005-1879 | Link Following vulnerability in Lutel Lutelwall LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | 5.5 |
2005-06-09 | CVE-2005-1874 | Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. | 5.0 |