Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-04 | CVE-2005-1336 | Local Security vulnerability in Apple mac OS X 10.3.9 Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable. | 4.6 |
| 2005-05-04 | CVE-2005-1333 | Directory Traversal vulnerability in Apple mac OS X 10.3.9 Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files. | 5.0 |
| 2005-05-04 | CVE-2005-1331 | Multiple vulnerability in Apple Mac OS X The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. | 5.1 |
| 2005-05-04 | CVE-2005-1330 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception. | 4.9 |
| 2005-05-04 | CVE-2005-1194 | Remote Buffer Overflow vulnerability in Redhat products Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. | 4.6 |
| 2005-05-03 | CVE-2005-1448 | HTML Injection vulnerability in S9Y Serendipity BBCode Plugin Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network s9y | 6.8 |
| 2005-05-03 | CVE-2005-1445 | Directory Traversal vulnerability in Sitepanel Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php. | 6.4 |
| 2005-05-03 | CVE-2005-1444 | Cross-Site Scripting vulnerability in Sitepanel Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php. network sitepanel | 6.8 |
| 2005-05-03 | CVE-2005-1443 | Cross-Site Scripting vulnerability in Invision Power Board Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. network invision-power-services | 6.8 |
| 2005-05-03 | CVE-2005-1442 | Local NOTES.INI Buffer Overflow vulnerability in IBM Lotus Notes Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. | 4.6 |