Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0654 | Unspecified vulnerability in Gimp 2.0.5/2.2.3/2.2.4 gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero. | 5.0 |
2005-05-02 | CVE-2005-0653 | Local Security vulnerability in PHPmyadmin 2.6.1 phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | 4.6 |
2005-05-02 | CVE-2005-0650 | Remote Cross-Site Scripting vulnerability in Projectbb 0.4.5.1 Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section. network projectbb | 4.3 |
2005-05-02 | CVE-2005-0649 | Cross-Site Scripting vulnerability in Safehtml Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." network pixel-apes-group | 4.3 |
2005-05-02 | CVE-2005-0648 | Cross-Site Scripting vulnerability in Pixel-Apes Group Safehtml 1.3.0 Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol." network pixel-apes-group | 4.3 |
2005-05-02 | CVE-2005-0647 | Remote Security vulnerability in PHP Arena Panews 2.0.4B admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | 5.0 |
2005-05-02 | CVE-2005-0645 | Cross-Site Scripting vulnerability in cuteNews Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php. network cutephp | 4.3 |
2005-05-02 | CVE-2005-0637 | Unspecified vulnerability in Openbsd 3.5/3.6 The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory. | 5.0 |
2005-05-02 | CVE-2005-0627 | Local Code Execution vulnerability in Trolltech QT Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. | 4.6 |
2005-05-02 | CVE-2005-0621 | Denial-Of-Service vulnerability in Enlight Software Scrapland 1.0 Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets. | 5.0 |