Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-10 | CVE-2005-1555 | Cross-Site Scripting vulnerability in Macromedia Coldfusion 7.0 Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. network macromedia | 4.3 |
| 2005-05-10 | CVE-2005-0039 | Unspecified vulnerability in Nissc Ipsec 1.0 Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address. | 6.4 |
| 2005-05-09 | CVE-2005-1477 | Remote Arbitrary Code Execution vulnerability in Mozilla Firefox 1.0.3 The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. | 5.1 |
| 2005-05-09 | CVE-2005-1476 | Remote Arbitrary Code Execution vulnerability in Mozilla Firefox Install Method Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477. | 5.1 |
| 2005-05-06 | CVE-2005-1406 | Local Kernel Memory Disclosure vulnerability in FreeBSD The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory. | 4.6 |
| 2005-05-06 | CVE-2005-1400 | Unspecified vulnerability in Freebsd The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. | 4.6 |
| 2005-05-06 | CVE-2005-1399 | Unspecified vulnerability in Freebsd FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. | 4.6 |
| 2005-05-05 | CVE-2005-1453 | Unspecified vulnerability in Leafnode fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers. | 5.0 |
| 2005-05-04 | CVE-2005-1341 | Multiple vulnerability in Apple Mac OS X Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. | 5.1 |
| 2005-05-04 | CVE-2005-1338 | Local Security vulnerability in Apple mac OS X 10.3.9 Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext. | 4.6 |