Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-1028 Information Exposure vulnerability in PHPnuke PHP-Nuke
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
network | low complexity | phpnuke | CWE-200 | 5.0
2005-05-02 CVE-2005-1027 Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.
network | francisco-burzi | 4.3
2005-05-02 CVE-2005-1025 Information Disclosure vulnerability in IBM Iseries AS 400 4.3
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
network | low complexity | ibm | 5.0
2005-05-02 CVE-2005-1024 Unspecified vulnerability in Francisco Burzi PHP-Nuke
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.
network | low complexity | francisco-burzi | 5.0
2005-05-02 CVE-2005-1023 Unspecified vulnerability in Francisco Burzi PHP-Nuke
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module.
network | francisco-burzi | 4.3
2005-05-02 CVE-2005-1022 Unspecified vulnerability in Macromedia Coldfusion 6.1
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.
network | low complexity | macromedia | 5.0
2005-05-02 CVE-2005-1016 Input Validation vulnerability in MaxWebPortal Events And Links Interface
Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript URL in a banner URL.
network | maxwebportal | 4.3
2005-05-02 CVE-2005-1013 Denial Of Service vulnerability in MailEnable SMTP Malformed EHLO Request
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
network | low complexity | mailenable | 5.0
2005-05-02 CVE-2005-1012 Cross-Site Scripting vulnerability in SiteEnable
Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description.
network | iatek | 4.3
2005-05-02 CVE-2005-1010 HTML Injection vulnerability in Comersus Open Technologies Comersus Cart 6.0.3
Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username.
4.3