Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1202 | Cross-Site Scripting and SQL Injection vulnerability in eGroupWare Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter. network egroupware | 6.8 |
| 2005-05-02 | CVE-2005-1201 | Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. | 6.4 |
| 2005-05-02 | CVE-2005-1198 | Directory Traversal vulnerability in Foundation Directory Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter. | 5.0 |
| 2005-05-02 | CVE-2005-1192 | Remote Denial Of Service vulnerability in HP-UX ICMP PMTUD Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060. | 5.0 |
| 2005-05-02 | CVE-2005-1191 | Unspecified vulnerability in Microsoft products The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file. | 5.0 |
| 2005-05-02 | CVE-2005-1190 | Denial-Of-Service vulnerability in Webcamxp Pro WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered. | 5.0 |
| 2005-05-02 | CVE-2005-1189 | Cross-Site Scripting vulnerability in Webcamxp Pro Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites. network webcamxp | 4.3 |
| 2005-05-02 | CVE-2005-1188 | Cross-Site Scripting vulnerability in Comersus Cart Comersus_Search_Item.ASP Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. network comersus-open-technologies | 4.3 |
| 2005-05-02 | CVE-2005-1186 | Cross-Site Scripting vulnerability in Jukebox Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks. network musicmatch | 6.8 |
| 2005-05-02 | CVE-2005-1185 | Local Security vulnerability in Jukebox Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe. | 4.6 |