Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-16 CVE-2005-1595 Input Validation vulnerability in Codethat Shoppingcart 1.3.1
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.
network
low complexity
codethat
5.0

2005-05-16 CVE-2005-1593 Input Validation vulnerability in Codethat Shoppingcart 1.3.1
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network
codethat
6.8

2005-05-16 CVE-2005-1591 Denial-Of-Service vulnerability in Solaris
Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.
network
low complexity
sun
5.0

2005-05-16 CVE-2005-1590 Local Security vulnerability in Deployment Solution
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.
local
low complexity
altiris
4.6

2005-05-14 CVE-2005-1587 Cross-Site Scripting vulnerability in Open Solution Quick.Cart 0.3.0
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.
network
open-solution
4.3

2005-05-14 CVE-2005-1586 Information Disclosure vulnerability in Open Solution Quick.Forum 2.1.6
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
network
low complexity
open-solution
5.0

2005-05-14 CVE-2005-1584 HTML Injection vulnerability in Open Solution Quick.Forum 2.1.6
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
network
open-solution
4.3

2005-05-14 CVE-2005-1583 Remote Security vulnerability in 1Two News 1.0
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.
network
low complexity
1two
5.0

2005-05-14 CVE-2005-1582 Cross-Site Scripting vulnerability in 1Two News 1.0
Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables.
network
1two
4.3

2005-05-14 CVE-2005-1581 Cross-Site Scripting vulnerability in Eric Fichot BUG Report 1.0
Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php.
network
eric-fichot
4.3