Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1053 | Unspecified vulnerability in Moderngigabyte Modernbill Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters. network moderngigabyte | 4.3 |
| 2005-05-02 | CVE-2005-1052 | Unspecified vulnerability in Microsoft Outlook and Outlook web Access Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. | 5.0 |
| 2005-05-02 | CVE-2005-1051 | SQL Injection vulnerability in PunBB Profile.PHP SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action. | 6.5 |
| 2005-05-02 | CVE-2005-1050 | Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-1034 | Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1 SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | 5.0 |
| 2005-05-02 | CVE-2005-1033 | Unspecified vulnerability in Devellion Cubecart 2.0.6 CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-1031 | Remote Arbitrary File Upload vulnerability in RunCMS RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. | 5.0 |
| 2005-05-02 | CVE-2005-1030 | Cross-Site Scripting vulnerability in Active web Softwares Active Auction House 7.1 Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp. network active-web-softwares | 4.3 |
| 2005-05-02 | CVE-2005-1028 | Information Exposure vulnerability in PHPnuke PHP-Nuke PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-1027 | Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. network francisco-burzi | 4.3 |