Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1000 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6 Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module. network francisco-burzi | 4.3 |
| 2005-05-02 | CVE-2005-0998 | Information Disclosure vulnerability in Francisco Burzi PHP-Nuke 7.6 The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. | 5.0 |
| 2005-05-02 | CVE-2005-0996 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6 Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. | 5.0 |
| 2005-05-02 | CVE-2005-0995 | Input Validation vulnerability in Early Impact Productcart 2.7 Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. network early-impact | 4.3 |
| 2005-05-02 | CVE-2005-0993 | Local Buffer Overflow vulnerability in SCO OpenServer NWPrint Command Line Argument Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument. | 4.6 |
| 2005-05-02 | CVE-2005-0992 | Cross-Site Scripting vulnerability in PHPMyAdmin Convcharset Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. network phpmyadmin | 4.3 |
| 2005-05-02 | CVE-2005-0989 | The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. | 5.0 |
| 2005-05-02 | CVE-2005-0987 | Remote Security vulnerability in Nickserv Listlinks Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick. | 5.0 |
| 2005-05-02 | CVE-2005-0984 | Buffer Overflow vulnerability in Lucasarts Star Wars Jedi Knight Jedi Academy 1.0.11 Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell. | 5.0 |
| 2005-05-02 | CVE-2005-0983 | Denial of Service vulnerability in Quake 3 Engine Message Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data. | 5.0 |