Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0966 | Unspecified vulnerability in ROB Flynn Gaim 1.2.0 The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions. | 6.4 |
| 2005-05-02 | CVE-2005-0965 | Remote Denial Of Service vulnerability in ROB Flynn Gaim 1.2.0 The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read. | 5.0 |
| 2005-05-02 | CVE-2005-0964 | Local Network Access Restriction Bypass vulnerability in Kerio Personal Firewall Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions. | 4.6 |
| 2005-05-02 | CVE-2005-0961 | Unspecified vulnerability in Horde Application Framework 3.0.4Rc1 Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. network horde | 4.3 |
| 2005-05-02 | CVE-2005-0960 | Remote Denial Of Service vulnerability in Openbsd 3.5/3.6 Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash). | 5.0 |
| 2005-05-02 | CVE-2005-0954 | Unspecified vulnerability in Microsoft Internet Explorer, Windows Explorer and Windows XP Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. | 5.0 |
| 2005-05-02 | CVE-2005-0952 | Unspecified vulnerability in PHP Arena Pafiledb 3.1 Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0949 | Input Validation vulnerability in Iatek PortalApp Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter. network iatek | 4.3 |
| 2005-05-02 | CVE-2005-0945 | Unspecified vulnerability in ASP Press ACS Blog 1.1.1 Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. network asp-press | 4.3 |
| 2005-05-02 | CVE-2005-0941 | Remote Heap Overflow vulnerability in OpenOffice Malformed Document The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow. | 5.1 |