Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-03-07 CVE-2005-0667
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
network | high complexity | sylpheed sylpheed-claws altlinux gentoo redhat | 5.1

2005-03-07 CVE-2005-0548 Unspecified vulnerability in SUN Solaris Answerbook2
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.
network | sun | 4.3

2005-03-06 CVE-2005-0692 Cross-Site Scripting vulnerability in PHP Fusion PHP Fusion 5.0
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
network | php-fusion | 4.3

2005-03-06 CVE-2005-0681 Remote Denial Of Service vulnerability in Nokia Series 60
Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
network | low complexity | nokia | 5.0

2005-03-05 CVE-2005-0688 Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
network | low complexity | microsoft | 5.0

2005-03-05 CVE-2005-0109 Information Disclosure vulnerability in Multiple Vendor Hyper-Threading Technology
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
4.7

2005-03-03 CVE-2005-0674 HTML Injection vulnerability in PHP Arena Pabox 1.6
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.
network | php-arena | 4.3

2005-03-02 CVE-2005-0641 Unspecified vulnerability in Broadcom Unicenter Asset Management 4.0
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
network | broadcom | 4.3

2005-03-02 CVE-2005-0640 Unspecified vulnerability in Broadcom Unicenter Asset Management 4.0
Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
local | low complexity | broadcom | 4.6

2005-03-01 CVE-2005-0632 Remote File Include vulnerability in PHPnews 1.2.3/1.2.4
PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter.
network | low complexity | phpnews | 5.0