Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0659 | Information Disclosure vulnerability in phpBB phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-0657 | Denial-Of-Service vulnerability in Computalynx Cproxy 3.3/3.4/3.4.4 Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. | 6.4 |
| 2005-05-02 | CVE-2005-0656 | Cross-Site Scripting vulnerability in Arif Supriyanto Auracms 1.5 Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php. network arif-supriyanto | 4.3 |
| 2005-05-02 | CVE-2005-0655 | Information Disclosure vulnerability in Arif Supriyanto Auracms 1.5 auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-0654 | Unspecified vulnerability in Gimp 2.0.5/2.2.3/2.2.4 gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero. | 5.0 |
| 2005-05-02 | CVE-2005-0653 | Local Security vulnerability in PHPmyadmin 2.6.1 phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | 4.6 |
| 2005-05-02 | CVE-2005-0650 | Remote Cross-Site Scripting vulnerability in Projectbb 0.4.5.1 Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section. network projectbb | 4.3 |
| 2005-05-02 | CVE-2005-0649 | Cross-Site Scripting vulnerability in Safehtml Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." network pixel-apes-group | 4.3 |
| 2005-05-02 | CVE-2005-0648 | Cross-Site Scripting vulnerability in Pixel-Apes Group Safehtml 1.3.0 Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol." network pixel-apes-group | 4.3 |
| 2005-05-02 | CVE-2005-0647 | Remote Security vulnerability in PHP Arena Panews 2.0.4B admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | 5.0 |