Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0526 | Cross-Site Scripting vulnerability in Pblang 4.65: Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php. | 4.3 |
2005-05-02 | CVE-2005-0525 | Unspecified vulnerability in PHP: The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. | 5.0 |
2005-05-02 | CVE-2005-0524 | Unspecified vulnerability in PHP: The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. | 5.0 |
2005-05-02 | CVE-2005-0522 | Unspecified vulnerability in Lionmax Software Chat Anywhere 2.72A: Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges. | 4.6 |
2005-05-02 | CVE-2005-0500 | Unspecified vulnerability in Microsoft IE and Internet Explorer: Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks. | 5.0 |
2005-05-02 | CVE-2005-0493 | Security Bypass vulnerability in Biz Mail Form: CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter. | 5.0 |
2005-05-02 | CVE-2005-0461 | Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote attackers to "take actions on comments." | 5.0 |
2005-05-02 | CVE-2005-0460 | Information Disclosure vulnerability in Mercuryboard 1.0/1.1/1.1.1: index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter. | 5.0 |
2005-05-02 | CVE-2005-0459 | Remote Security vulnerability in phpMyAdmin: phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0458 | Cross-Site Scripting vulnerability in Oscommerce 2.2Ms2: Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | 4.3 |