Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-04-27 | CVE-2005-0424 | Remote vulnerability in Aspjar Guestbook 1.0 Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. | 5.0 |
2005-04-27 | CVE-2005-0423 | Remote vulnerability in Aspjar Guestbook 1.0 SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field. | 5.0 |
2005-04-27 | CVE-2005-0420 | Open Redirect vulnerability in Microsoft Exchange Server 2003 Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. | 5.8 |
2005-04-27 | CVE-2005-0415 | Denial-Of-Service vulnerability in Emdros Database Engine Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements. | 5.0 |
2005-04-27 | CVE-2005-0412 | Cross-Site Scripting vulnerability in Postwrap Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter. network spidean | 6.8 |
2005-04-27 | CVE-2005-0229 | Remote Information Disclosure vulnerability in CitrusDB Credit Card Data CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. | 5.0 |
2005-04-27 | CVE-2005-0159 | Insecure Temporary File Creation vulnerability in Debian Toolchain-Source The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
2005-04-27 | CVE-2005-0087 | The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. | 4.6 |
2005-04-27 | CVE-2005-0085 | Cross-Site Scripting vulnerability in Dig Config Parameter Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. | 6.8 |
2005-04-27 | CVE-2005-0019 | Local Arbitrary Command Execution vulnerability in Yongguang Zhang Hztty 2.0 Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands. | 4.6 |