Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-14 CVE-2005-1545 Unspecified vulnerability in HT Editor
Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.
network
high complexity
ht-editor
5.1
2005-05-13 CVE-2005-0758 zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
local
low complexity
gnu canonical
4.6
2005-05-12 CVE-2005-1579 Information Disclosure vulnerability in Apple QuickTime 7.0
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
network
low complexity
apple
5.0
2005-05-12 CVE-2005-1568 Information Disclosure vulnerability in DirectTopics
topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message.
network
low complexity
directtopics
5.0
2005-05-12 CVE-2005-1565 Information Disclosure vulnerability in Bugzilla Authentication
Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.
network
low complexity
mozilla
5.0
2005-05-12 CVE-2005-0971 Unspecified vulnerability in Apple Mac OS X
Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
local
low complexity
apple
4.6
2005-05-12 CVE-2005-0969 Unspecified vulnerability in Apple Mac OS X
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.
local
low complexity
apple
4.6
2005-05-11 CVE-2005-1572 Denial-Of-Service vulnerability in Wenig and Spitzer-Williams Showoff Digital Media Software 1.5.4
ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083.
network
low complexity
wenig-and-spitzer-williams
5.0
2005-05-11 CVE-2005-1561 Remote vulnerability in MaxWebPortal
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter.
network
maxwebportal
4.3
2005-05-11 CVE-2005-1557 HTML Injection vulnerability in Pixysoft Guestbook PRO 3.2.1
Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
network
pixysoft
4.3