Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0874 | Unspecified vulnerability in Cerulean Studios Trillian 2.0 Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | 5.0 |
| 2005-05-02 | CVE-2005-0873 | Remote Cross-Site Scripting vulnerability in Oracle 10G Reports Server 9.0.4.3.3 Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. network oracle | 4.3 |
| 2005-05-02 | CVE-2005-0872 | Unspecified vulnerability in PHPbb Group PHPbb 1.0.1 Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. network phpbb-group | 4.3 |
| 2005-05-02 | CVE-2005-0871 | Information Disclosure vulnerability in PHPbb Group PHPbb 1.0.1 calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. | 5.0 |
| 2005-05-02 | CVE-2005-0870 | Cross-Site Scripting vulnerability in PHPsysinfo 2.3 Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php. network phpsysinfo | 4.3 |
| 2005-05-02 | CVE-2005-0869 | Information Disclosure vulnerability in PHPsysinfo 2.3 phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-0864 | Remote vulnerability in Securecomputing Samsung Adsl Modem Smdk8947V1.2 The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. | 5.0 |
| 2005-05-02 | CVE-2005-0863 | HTML Injection vulnerability in PHPopenchat 3.0.0/3.0.1/3.0.2 Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php. network phpopenchat | 4.3 |
| 2005-05-02 | CVE-2005-0857 | Cross-Site Scripting And SQL Injection vulnerability in CoolForum Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. network coolforum | 4.3 |
| 2005-05-02 | CVE-2005-0853 | Remote vulnerability in Betaparticle Blog 2.0/3.0 betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. | 5.0 |