Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-11 | CVE-2005-1519 | DNS Spoofing vulnerability in Squid Proxy Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. | 6.4 |
| 2005-05-11 | CVE-2005-1515 | Denial-Of-Service vulnerability in Qmail Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands. | 5.0 |
| 2005-05-11 | CVE-2005-1514 | Denial-Of-Service vulnerability in Qmail commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index. | 5.0 |
| 2005-05-11 | CVE-2005-1508 | Cross-Site Scripting vulnerability in Pwsphp 1.2.2 Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module. network pwsphp | 6.8 |
| 2005-05-11 | CVE-2005-1507 | Remote Buffer Overflow vulnerability in 4D WebStar Tomcat Plugin Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL. | 5.0 |
| 2005-05-11 | CVE-2005-1504 | Security Bypass vulnerability in Cd-Key Validation System GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use. | 5.0 |
| 2005-05-11 | CVE-2005-1502 | Cross-Site Scripting vulnerability in MidiCart PHP Search_List.PHP SearchString Parameter Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php. network midicart-software | 6.8 |
| 2005-05-11 | CVE-2005-1498 | Input Validation vulnerability in Mybloggie 2.1.1/2.1.2 Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. network mywebland | 4.3 |
| 2005-05-11 | CVE-2005-1497 | Information Disclosure vulnerability in Mywebland Mybloggie 2.1.1 index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message. | 5.0 |
| 2005-05-11 | CVE-2005-1496 | Privilege Escalation vulnerability in Oracle Application Server and Oracle10G The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | 4.6 |