Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0709 | Code Injection vulnerability in multiple products MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. | 4.6 |
| 2005-05-02 | CVE-2005-0682 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs. network drupal | 4.3 |
| 2005-05-02 | CVE-2005-0677 | Remote Security vulnerability in PHPoutsourcing Zorum 3.5 index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0675 | Cross-Site Scripting vulnerability in PHPoutsourcing Zorum 3.3/3.4/3.5 Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters. network phpoutsourcing | 4.3 |
| 2005-05-02 | CVE-2005-0673 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13 Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. network phpbb-group | 4.3 |
| 2005-05-02 | CVE-2005-0670 | Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. network coinsoft-technologies | 4.3 |
| 2005-05-02 | CVE-2005-0666 | Privilege Escalation vulnerability in PaX VMA Mirroring Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code. | 4.6 |
| 2005-05-02 | CVE-2005-0665 | Unspecified vulnerability in John Bradley XV 3.10A Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. | 5.1 |
| 2005-05-02 | CVE-2005-0662 | Cross-Site Scripting vulnerability in Mercuryboard 1.1.2 Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field. network mercuryboard | 4.3 |
| 2005-05-02 | CVE-2005-0660 | Cross-Site Scripting vulnerability in Adalis D-Forum 1.11 Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3. network adalis | 4.3 |