Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0938 | Remote Security vulnerability in Ublog Reload Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb. | 5.0 |
| 2005-05-02 | CVE-2005-0936 | Cross-Site Scripting vulnerability in Esmi Paypal Storefront 1.7 Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0934 | Cross-Site Scripting vulnerability in Wackowiki R4 Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. network wackowiki | 4.3 |
| 2005-05-02 | CVE-2005-0933 | Remote vulnerability in PHPcoin 1.2.1/1.2.1B Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0930 | HTML Injection vulnerability in Chatness 2.5.1 Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php. network chatness | 4.3 |
| 2005-05-02 | CVE-2005-0928 | Unspecified vulnerability in Photopost PHP PRO 5.02 Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php. network photopost | 4.3 |
| 2005-05-02 | CVE-2005-0926 | Unspecified vulnerability in Sylpheed Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names. | 5.1 |
| 2005-05-02 | CVE-2005-0925 | Cross-Site Scripting vulnerability in Uapplication Ublog Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. network uapplication | 4.3 |
| 2005-05-02 | CVE-2005-0922 | Remote Denial Of Service vulnerability in Symantec products Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type. | 5.0 |
| 2005-05-02 | CVE-2005-0921 | Unspecified vulnerability in Microsoft Outlook Connector 2002 Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy. | 4.6 |