Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-11-21 CVE-2005-3730 Cross-Site Scripting vulnerability in Revize CMS HTTPTranslatorServlet
Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp.
network
revize-cms
4.3
2005-11-21 CVE-2005-3729 Information Disclosure vulnerability in Revize CMS
Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html.
network
low complexity
revize-cms
5.0
2005-11-21 CVE-2005-3728 Information Disclosure vulnerability in Revize CMS Revize.XML
Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information.
network
low complexity
revize-cms
5.0
2005-11-21 CVE-2005-3725 Information Disclosure vulnerability in Zyxel Prestige 2000W V.1Voip Wi-Fi Phone Wj.00.10
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers.
network
low complexity
zyxel
6.4
2005-11-21 CVE-2005-3724 Information Exposure vulnerability in Zyxel products
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
network
low complexity
zyxel CWE-200
6.4
2005-11-21 CVE-2005-3721 Remote Security vulnerability in Ip5000 Voip Wifi Phone
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
network
low complexity
hitachi
5.0
2005-11-21 CVE-2005-3720 Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6
The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions.
network
low complexity
hitachi
5.0
2005-11-21 CVE-2005-3719 Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6
Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration.
local
low complexity
hitachi
4.6
2005-11-21 CVE-2005-3699 Unspecified vulnerability in Opera Browser
Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
network
low complexity
opera
5.0
2005-11-20 CVE-2005-3695 Cross-Site Scripting vulnerability in Litespeed Technologies Litespeed web Server 2.1.5
Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
4.3