Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-06-06 | CVE-2005-1885 | Information Disclosure vulnerability in Yapig 0.92B/0.93U/0.94U: view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. | 5.0 |
2005-06-06 | CVE-2005-1880 | Link Following vulnerability in Everybuddy 0.4.3: Everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | 5.5 |
2005-06-06 | CVE-2005-1877 | Input Validation vulnerability in Lpanel 1.59: Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter. Tags: network, lpanel. | 4.3 |
2005-06-02 | CVE-2005-1840 | Directory Traversal vulnerability in phpCMS: Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. | 5.0 |
2005-06-02 | CVE-2005-1838 | Cross-Site Scripting vulnerability in Liberum Help Desk 0.97.3: Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description fields. | 5.0 |
2005-06-01 | CVE-2005-1836 | Denial-Of-Service vulnerability in Nextweb (i)Site: NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files. | 5.0 |
2005-06-01 | CVE-2005-1823 | SQL Injection and Cross-Site Scripting vulnerability in Qualiteam X-Cart 4.0.8: Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. Tags: network, qualiteam. | 4.3 |
2005-06-01 | CVE-2005-1819 | Unspecified vulnerability in Nikosoft Webmail: Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Tags: network, nikosoft. | 4.3 |
2005-06-01 | CVE-2005-1817 | Unspecified vulnerability in Invision Power Services Invision Board: Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. | 5.0 |
2005-06-01 | CVE-2005-1816 | Privilege Escalation vulnerability in Invision Power Board: Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. | 4.6 |