Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0461 | Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote attackers to "take actions on comments." | 5.0 |
| 2005-05-02 | CVE-2005-0460 | Information Disclosure vulnerability in Mercuryboard 1.0/1.1/1.1.1 index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0459 | Remote Security vulnerability in phpMyAdmin phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-0458 | Cross-Site Scripting vulnerability in Oscommerce 2.2Ms2 Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. network oscommerce | 4.3 |
| 2005-05-02 | CVE-2005-0455 | Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value. | 5.1 |
| 2005-05-02 | CVE-2005-0451 | Denial-Of-Service vulnerability in Sami Http Server 1.0.5 Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of service via an HTTP request containing two CRLF sequences, which triggers a NULL dereference. | 5.0 |
| 2005-05-02 | CVE-2005-0450 | Directory Traversal vulnerability in Sami Http Server 1.0.5 Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. | 5.0 |
| 2005-05-02 | CVE-2005-0446 | Remote Denial Of Service vulnerability in Squid Proxy DNS Name Resolver Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure. | 5.0 |
| 2005-05-02 | CVE-2005-0445 | Cross-Site Scripting vulnerability in Open WebMail Logindomain Parameter Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page. network open-webmail | 4.3 |
| 2005-05-02 | CVE-2005-0443 | Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4 index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. network devellion | 4.3 |