Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-04-19 | CVE-2005-0755 | Unspecified vulnerability in Realnetworks Helix Player, Realone Player and Realplayer Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file. | 5.1 |
| 2005-04-19 | CVE-2004-1341 | Unspecified vulnerability in Roar Smith Info2Www 1.2.2.9 Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www. network roar-smith | 4.3 |
| 2005-04-18 | CVE-2005-1138 | Denial-Of-Service vulnerability in Kerio Mailserver Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages. | 5.0 |
| 2005-04-15 | CVE-2005-1140 | HTML Injection vulnerability in Mywebland Mybloggie 2.1.1 Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments. network mywebland | 4.3 |
| 2005-04-14 | CVE-2005-1136 | Information Disclosure vulnerability in Sphpblog 0.4.0 Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. | 5.0 |
| 2005-04-14 | CVE-2005-1118 | Remote Cross-Site Scripting vulnerability in RSA Authentication Agent for web 5.2 Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. network rsa | 4.3 |
| 2005-04-14 | CVE-2005-1043 | exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. | 5.0 |
| 2005-04-14 | CVE-2005-0718 | Remote Denial Of Service vulnerability in Squid Proxy Aborted Connection Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. | 5.0 |
| 2005-04-14 | CVE-2005-0131 | Remote vulnerability in Berlios Konversation 0.15 The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users. | 5.0 |
| 2005-04-14 | CVE-2005-0112 | Information Disclosure vulnerability in 3Com OfficeConnect Wireless 11g Access Point 3Crwe454G72 1.0.2/1.0.2.11/1.0.3.5 The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs. | 5.0 |