Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-02-22 | CVE-2005-0160 | Remote Buffer Overflow vulnerability in E-Merge Unace 1.2B Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages. | 5.1 |
| 2005-02-21 | CVE-2005-0503 | uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. | 4.6 |
| 2005-02-20 | CVE-2005-0499 | Denial-Of-Service vulnerability in Gigafast Router Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries. | 5.0 |
| 2005-02-19 | CVE-2005-0495 | Cross-Site Scripting vulnerability in Zeroboard Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. network zeroboard | 4.3 |
| 2005-02-18 | CVE-2005-0502 | Directory Traversal vulnerability in Xinkaa web Station Xinkaa web Station 1.0.3 Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request. | 5.0 |
| 2005-02-18 | CVE-2005-0242 | Unspecified vulnerability in Yahoo Messenger The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions. | 4.6 |
| 2005-02-17 | CVE-2005-0462 | Cross-Site Scripting vulnerability in Mercuryboard 1.0/1.1/1.1.1 Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter. network mercuryboard | 4.3 |
| 2005-02-17 | CVE-2005-0243 | Unspecified vulnerability in Yahoo Messenger Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions. | 5.0 |
| 2005-02-16 | CVE-2005-0453 | Remote Security vulnerability in Lighttpd 1.3.7 The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension. | 5.0 |
| 2005-02-16 | CVE-2005-0452 | Cross-Site Scripting vulnerability in Microsoft ASP.NET Unicode Character Conversion Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". network microsoft | 4.3 |