Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-1025 | Information Disclosure vulnerability in IBM Iseries AS 400 4.3: The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | 5.0 |
2005-05-02 | CVE-2005-1024 | Unspecified vulnerability in Francisco Burzi PHP-Nuke: modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1023 | Unspecified vulnerability in Francisco Burzi PHP-Nuke: Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. | 4.3 |
2005-05-02 | CVE-2005-1022 | Unspecified vulnerability in Macromedia Coldfusion 6.1: ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | 5.0 |
2005-05-02 | CVE-2005-1016 | Input Validation vulnerability in MaxWebPortal Events And Links Interface: Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL. | 4.3 |
2005-05-02 | CVE-2005-1013 | Denial Of Service vulnerability in MailEnable SMTP Malformed EHLO Request: The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string. | 5.0 |
2005-05-02 | CVE-2005-1012 | Cross-Site Scripting vulnerability in SiteEnable: Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description. | 4.3 |
2005-05-02 | CVE-2005-1010 | HTML Injection vulnerability in Comersus Open Technologies Comersus Cart 6.0.3: Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username. | 4.3 |
2005-05-02 | CVE-2005-1008 | Unspecified vulnerability in Asp-Dev XM Forum RC3: Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag. | 4.3 |
2005-05-02 | CVE-2005-1007 | Unspecified vulnerability in Stalker Communigate PRO 4.3C1/4.3C2: Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages. | 5.0 |