Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-21 | CVE-2005-3730 | Cross-Site Scripting vulnerability in Revize CMS HTTPTranslatorServlet Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp. network revize-cms | 4.3 |
2005-11-21 | CVE-2005-3729 | Information Disclosure vulnerability in Revize CMS Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html. | 5.0 |
2005-11-21 | CVE-2005-3728 | Information Disclosure vulnerability in Revize CMS Revize.XML Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information. | 5.0 |
2005-11-21 | CVE-2005-3725 | Information Disclosure vulnerability in Zyxel Prestige 2000W V.1Voip Wi-Fi Phone Wj.00.10 Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. | 6.4 |
2005-11-21 | CVE-2005-3724 | Information Exposure vulnerability in Zyxel products Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | 6.4 |
2005-11-21 | CVE-2005-3721 | Remote Security vulnerability in Ip5000 Voip Wifi Phone The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration. | 5.0 |
2005-11-21 | CVE-2005-3720 | Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6 The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions. | 5.0 |
2005-11-21 | CVE-2005-3719 | Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6 Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration. | 4.6 |
2005-11-21 | CVE-2005-3699 | Unspecified vulnerability in Opera Browser Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | 5.0 |
2005-11-20 | CVE-2005-3695 | Cross-Site Scripting vulnerability in Litespeed Technologies Litespeed web Server 2.1.5 Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. network litespeed-technologies | 4.3 |