Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-03-08 | CVE-2005-0723 | Cross-Site Scripting vulnerability in PHP Arena Pafiledb 3.1 Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php. network php-arena | 4.3 |
| 2005-03-08 | CVE-2005-0098 | Unspecified vulnerability in Abuse Abuse-Sdl Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line. | 4.6 |
| 2005-03-07 | CVE-2005-0722 | Remote Security vulnerability in Experience2 eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message. | 5.0 |
| 2005-03-07 | CVE-2005-0703 | Remote Security vulnerability in WorkCentre 40 Color Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179. | 5.0 |
| 2005-03-07 | CVE-2005-0702 | SQL-Injection vulnerability in phpMyFAQ SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages. | 5.0 |
| 2005-03-07 | CVE-2005-0701 | Unspecified vulnerability in Oracle Database Server Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | 5.0 |
| 2005-03-07 | CVE-2005-0700 | Unspecified vulnerability in Aztek Forum Aztek Forum 4.0 The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie. | 5.0 |
| 2005-03-07 | CVE-2005-0698 | Remote File Include vulnerability in Jason Hines PHPWebLog PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code. | 4.6 |
| 2005-03-07 | CVE-2005-0695 | Remote Security vulnerability in Hosting Controller The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field. | 5.0 |
| 2005-03-07 | CVE-2005-0694 | Information Disclosure vulnerability in Hosting Controller Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv. | 5.0 |