Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0404 | KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. | 5.0 |
| 2005-05-02 | CVE-2005-0401 | Remote Insecure XUL Start Up Script Loading vulnerability in Mozilla Browser FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." | 5.1 |
| 2005-05-02 | CVE-2005-0399 | Remote Heap Overflow vulnerability in Mozilla Firefox, Mozilla and Thunderbird Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. | 5.1 |
| 2005-05-02 | CVE-2005-0391 | Unspecified vulnerability in Daniel DE Rauglaudre Geneweb geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files. | 5.0 |
| 2005-05-02 | CVE-2005-0386 | Unspecified vulnerability in Mailreader.Com Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages. network mailreader-com | 4.3 |
| 2005-05-02 | CVE-2005-0382 | Remote Denial of Service vulnerability in Breed Patch1 Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference. | 5.0 |
| 2005-05-02 | CVE-2005-0379 | File Disclosure vulnerability in Zeroboard Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. | 5.0 |
| 2005-05-02 | CVE-2005-0378 | Cross-Site Scripting vulnerability in Horde 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. network horde | 4.3 |
| 2005-05-02 | CVE-2005-0375 | Information Disclosure vulnerability in Sergey Kiselev Sgallery 1.01 imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function. | 5.0 |
| 2005-05-02 | CVE-2005-0374 | Unspecified vulnerability in Bitshifters Bitboard 2.0/2.5 Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover. network bitshifters | 4.3 |