Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-03 CVE-2005-1392 Unspecified vulnerability in phpMyAdmin 2.6.2
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
local
low complexity
phpmyadmin
4.6
2005-05-03 CVE-2005-1388 Cross-Site Scripting vulnerability in Survivor 0.9.5A
Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
survivor
4.3
2005-05-03 CVE-2005-1386 Information Disclosure vulnerability in PHP-Nuke
PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the Portuguese language (lang-portuguese.php), (7) a request to Web_Links with the Indonesian language (lang-indonesian.php), (8) a request to the survey module with the Indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the Portuguese language, or (10) a request to the Journal module with the Portuguese language, which reveal the path in an error message.
network
low complexity
francisco-burzi
5.0
2005-05-03 CVE-2005-1382 File Corruption vulnerability in Oracle Application Server 9i Webcache Arbitrary
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
network
low complexity
oracle
5.0
2005-05-03 CVE-2005-1381 Cross-Site Scripting vulnerability in Oracle Application Server 9i Webcache Cache_dump_file
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
network
oracle
6.8
2005-05-03 CVE-2005-1380 Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
network
bea
6.8
2005-05-03 CVE-2005-1379 Unspecified vulnerability in Mandrakesoft Mandrake Lam-Runtime 7.0.6.2Mdk
The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.
local
low complexity
mandrakesoft
4.6
2005-05-03 CVE-2005-1374 Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
network
claroline
6.8
2005-05-03 CVE-2005-1372 Local Privilege Escalation vulnerability in BakBone NetVault NVStatsMngr.EXE
The nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu.
local
low complexity
bakbone
4.6
2005-05-03 CVE-2005-0106 Unspecified vulnerability in Ubuntu Linux 5.04
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.
local
low complexity
ubuntu
4.6