Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-05 | CVE-2005-2115 | Denial-Of-Service vulnerability in Soldier Of Fortune 2 Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation. | 5.0 |
| 2005-07-05 | CVE-2005-2114 | Denial-Of-Service vulnerability in Firefox Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function. | 5.0 |
| 2005-07-05 | CVE-2005-2112 | Cross-Site Scripting vulnerability in Xoops Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. network xoops | 4.3 |
| 2005-07-05 | CVE-2005-2110 | Information Disclosure vulnerability in WordPress WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. | 5.0 |
| 2005-07-05 | CVE-2005-2109 | Denial-Of-Service vulnerability in WordPress wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. | 5.0 |
| 2005-07-05 | CVE-2005-2107 | Cross-Site Scripting vulnerability in WordPress Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. network wordpress | 4.3 |
| 2005-07-05 | CVE-2005-2106 | Unspecified vulnerability in Drupal Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | 5.0 |
| 2005-07-05 | CVE-2005-2094 | Cross-Site Scripting vulnerability in SUN ONE web Server 6.1 Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network sun | 4.3 |
| 2005-07-05 | CVE-2005-2093 | Unspecified vulnerability in Oracle Application Server 9.0.2 Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network oracle | 4.3 |
| 2005-07-05 | CVE-2005-2092 | Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1 BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network bea | 4.3 |