Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-16 CVE-2005-1599 HTML Injection vulnerability in Kryloff Technologies Subject Search Server 1.1
Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field.
Risk: 4.3

2005-05-16 CVE-2005-1597 Cross-Site Scripting vulnerability in Invision Power Board Topics.PHP Highlite Parameter
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
Risk: 4.3

2005-05-16 CVE-2005-1595 Input Validation vulnerability in Codethat Shoppingcart 1.3.1
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.
network, low complexity, codethat
Risk: 5.0

2005-05-16 CVE-2005-1593 Input Validation vulnerability in Codethat Shoppingcart 1.3.1
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network, codethat
Risk: 6.8

2005-05-16 CVE-2005-1591 Denial-Of-Service vulnerability in Solaris
Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.
network, low complexity, sun
Risk: 5.0

2005-05-16 CVE-2005-1590 Local Security vulnerability in Deployment Solution
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.
local, low complexity, altiris
Risk: 4.6

2005-05-14 CVE-2005-1587 Cross-Site Scripting vulnerability in Open Solution Quick.Cart 0.3.0
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.
network, open-solution
Risk: 4.3

2005-05-14 CVE-2005-1586 Information Disclosure vulnerability in Open Solution Quick.Forum 2.1.6
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
network, low complexity, open-solution
Risk: 5.0

2005-05-14 CVE-2005-1584 HTML Injection vulnerability in Open Solution Quick.Forum 2.1.6
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
network, open-solution
Risk: 4.3

2005-05-14 CVE-2005-1583 Remote Security vulnerability in 1Two News 1.0
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.
network, low complexity, 1two
Risk: 5.0