Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-18 | CVE-2005-1656 | Remote Security vulnerability in Mercur Messaging 2005Sp2 Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20"). | 5.0 |
| 2005-05-18 | CVE-2005-1655 | Remote Denial Of Service vulnerability in AOL Instant Messenger Smiley Icon Location AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag. | 5.0 |
| 2005-05-18 | CVE-2005-1653 | Input Validation and Information Disclosure vulnerability in Woppoware Postmaster 4.2.2Build3.2.5 Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter. network woppoware | 6.8 |
| 2005-05-18 | CVE-2005-1649 | Denial of Service vulnerability in Microsoft Windows 2003 Server and Windows XP The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016). | 5.0 |
| 2005-05-18 | CVE-2005-1645 | Unspecified vulnerability in Keyvan1 Imagegallery Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 5.0 |
| 2005-05-18 | CVE-2005-1644 | HTML Injection vulnerability in 1Two Livre D OR 1.0 Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters. network 1two | 6.8 |
| 2005-05-18 | CVE-2005-0134 | Unspecified vulnerability in SCO Unixware 7.1.1/7.1.3/7.1.4 The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets. | 4.6 |
| 2005-05-17 | CVE-2005-1643 | Denial-Of-Service vulnerability in Zoidcom The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read. | 5.0 |
| 2005-05-17 | CVE-2005-1638 | Unspecified vulnerability in Pixel-Apes Group Safehtml The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection. network pixel-apes-group | 4.3 |
| 2005-05-17 | CVE-2005-1636 | mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. | 4.6 |