Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-03 | CVE-2005-1443 | Cross-Site Scripting vulnerability in Invision Power Board Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. network invision-power-services | 6.8 |
| 2005-05-03 | CVE-2005-1442 | Local NOTES.INI Buffer Overflow vulnerability in IBM Lotus Notes Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. | 4.6 |
| 2005-05-03 | CVE-2005-1441 | Remote Procedure Call Remote Format String vulnerability in IBM Lotus Domino Server Notes Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). | 5.0 |
| 2005-05-03 | CVE-2005-1440 | Cross-Site Scripting and HTML Injection vulnerability in Codetosell Viart Shop Enterprise 2.1.6 Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php. network codetosell | 6.8 |
| 2005-05-03 | CVE-2005-1436 | Cross-Site Scripting vulnerability in Osticket 1.2.7/1.3.0 Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket. network osticket | 6.8 |
| 2005-05-03 | CVE-2005-1433 | Denial-Of-Service vulnerability in OpenView Event Correlation Services 3.2/3.3 Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code. | 4.6 |
| 2005-05-03 | CVE-2005-1431 | Denial of Service vulnerability in GNUTLS Padding The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | 5.0 |
| 2005-05-03 | CVE-2005-1426 | Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb). | 5.0 |
| 2005-05-03 | CVE-2005-1425 | Permissions, Privileges, and Access Controls vulnerability in Uapplication Uguestbook 1.0 Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb. | 5.0 |
| 2005-05-03 | CVE-2005-1423 | Denial-Of-Service vulnerability in Software602 602Lan Suite 2004.0.05.0413 Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. | 6.4 |