Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-04-10 | CVE-2005-1064 | Unspecified vulnerability in Rsnapshot Filesystem Snapshot Utility The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. | 4.6 |
| 2005-04-08 | CVE-2005-1094 | FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | 4.6 |
| 2005-04-08 | CVE-2005-1072 | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. network punbb | 4.3 |
| 2005-04-07 | CVE-2005-1087 | Unspecified vulnerability in AN An-Httpd 1.42N CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request. | 6.4 |
| 2005-04-07 | CVE-2005-0351 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SCO Openserver 5.0.6/5.0.7 Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable. | 4.6 |
| 2005-03-30 | CVE-2005-0943 | Remote Denial of Service vulnerability in Cisco VPN 3000 Concentrator Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet. | 5.0 |
| 2005-03-30 | CVE-2005-0487 | Cross-Site Scripting vulnerability in Kayako Esupport 2.3.1 Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. network kayako | 6.8 |
| 2005-03-30 | CVE-2005-0485 | Cross-Site Scripting vulnerability in PHParena Panews 2.0B4 Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter. | 6.8 |
| 2005-03-30 | CVE-2005-0483 | Directory Traversal vulnerability in glFTPD ZIP Plugins Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. | 5.0 |
| 2005-03-30 | CVE-2005-0482 | Remote vulnerability in TrackerCam TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data. | 5.0 |