Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-1163 | Buffer Overflow vulnerability in Yager Development Yager Game 5.0/5.20/5.24 Multiple buffer overflows in Yager 5.24 and earlier allow remote attackers to execute arbitrary code via (1) a crafted nickname or (2) a packet with a large amount of data. | 6.4 |
2005-05-02 | CVE-2005-1160 | Unspecified vulnerability in Mozilla Firefox and Mozilla The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. | 5.1 |
2005-05-02 | CVE-2005-1158 | Unspecified vulnerability in Mozilla Firefox Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. | 5.0 |
2005-05-02 | CVE-2005-1150 | Denial-Of-Service vulnerability in SUN Java System web Server 6.0 Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). | 5.0 |
2005-05-02 | CVE-2005-1148 | Information Disclosure vulnerability in Calendarscript 3.20/3.21 calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. | 5.0 |
2005-05-02 | CVE-2005-1137 | Information Disclosure vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1135 | Cross-Site Scripting vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. network alexander-palmo | 4.3 |
2005-05-02 | CVE-2005-1133 | Remote Information Disclosure vulnerability in IBM iSeries AS400 POP3 Server The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | 5.0 |
2005-05-02 | CVE-2005-1132 | Remote Denial Of Service vulnerability in LG Electronics LG Mobile Phone U8120 LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. | 5.0 |
2005-05-02 | CVE-2005-1127 | Unspecified vulnerability in Postgrey 1.17/1.18 Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. | 5.0 |