Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0442 | Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4 Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0438 | Information Disclosure vulnerability in Awstats 6.3/6.4 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0435 | Remote Security vulnerability in Awstats 6.3/6.4 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. | 5.0 |
| 2005-05-02 | CVE-2005-0432 | Remote Security vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. | 5.0 |
| 2005-05-02 | CVE-2005-0429 | Remote Command Execution vulnerability in VBulletin Forumdisplay.PHP Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0428 | Remote Denial of Service vulnerability in Powerdns 2.0Rc1/2.8/2.9.15 The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes. | 5.0 |
| 2005-05-02 | CVE-2005-0427 | Remote Security vulnerability in webmin-1.140.ebuild The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. | 5.0 |
| 2005-05-02 | CVE-2005-0426 | Local Denial Of Service vulnerability in Sun Solaris UDP Processing Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. | 5.0 |
| 2005-05-02 | CVE-2005-0425 | Remote Security vulnerability in Websphere Application Server 5.0/5.1.0/6.0 Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. | 5.0 |
| 2005-05-02 | CVE-2005-0407 | HTML Injection vulnerability in OpenConf Paper Submission Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title. network zakon-group | 4.3 |