Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-27 | CVE-2005-1802 | Products Remote Denial of Service vulnerability in Nortel Networks: Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. | 5.0 |
2005-05-26 | CVE-2005-1797 | Unspecified vulnerability in OpenSSL: The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. | 5.1 |
2005-05-26 | CVE-2005-1782 | Cross-Site Scripting vulnerability in W.M.R. Simpson Bookreview 1.0: Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. | 4.3 |
2005-05-26 | CVE-2005-1522 | Remote Denial of Service vulnerability in GNU Mailutils 0.5/0.6: The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | 5.0 |
2005-05-26 | CVE-2005-1408 | Unspecified vulnerability in Apple Keynote 2.0.0/2.0.1: Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation. | 5.0 |
2005-05-26 | CVE-2005-0150 | Unspecified vulnerability in Mozilla Firefox: Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. | 5.0 |
2005-05-25 | CVE-2005-1254 | Multiple vulnerabilities in Ipswitch IMail Server: Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. | 5.0 |
2005-05-25 | CVE-2005-1252 | Multiple vulnerabilities in Ipswitch IMail Server: Directory traversal vulnerability in the Web Calendaring server in Ipswitch IMail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. | 5.0 |
2005-05-25 | CVE-2005-1249 | Multiple vulnerabilities in Ipswitch IMail Server: The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. | 5.0 |
2005-05-24 | CVE-2005-1749 | Remote vulnerability in BEA WebLogic Server and WebLogic Express: Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). | 5.0 |