Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0049 | Unspecified vulnerability in Microsoft Sharepoint Portal Server and Sharepoint Team Services: Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache. | 4.3 |
2005-05-02 | CVE-2005-0035 | Information Disclosure vulnerability in Adobe Acrobat Reader ActiveX Control LoadFile: The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method. | 5.1 |
2005-05-02 | CVE-2005-0034 | Remote Denial Of Service vulnerability in ISC Bind 9.3.0: An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. | 4.3 |
2005-05-02 | CVE-2005-0033 | Remote Buffer Overflow vulnerability in ISC Bind 8.4.4/8.4.5: Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses. | 5.0 |
2005-05-02 | CVE-2005-0022 | Remote Buffer Overflow vulnerability in University of Cambridge Exim 4.41/4.42: Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. | 4.6 |
2005-05-02 | CVE-2005-0001 | Local Privilege Escalation vulnerability in Linux Kernel Symmetrical Multiprocessing Page Fault: Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion. | 6.9 |
2005-05-02 | CVE-2001-1420 | Denial of Service vulnerability in AOL Instant Messenger 4.7: AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. | 5.0 |
2005-05-02 | CVE-1999-1557 | Denial-Of-Service vulnerability in Ipswitch Imail 5.0: Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. | 5.0 |
2005-05-02 | CVE-1999-1374 | Unspecified vulnerability in Arpanet Perlshop: perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request. | 5.0 |
2005-04-29 | CVE-2005-1063 | Unspecified vulnerability in Kerio products: The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations." | 5.0 |