Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-04-12 | CVE-2005-1144 | Information Disclosure vulnerability in EasyPHPCalendar popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message. | 5.0 |
| 2005-04-12 | CVE-2005-1143 | Cross-Site Scripting vulnerability in EasyPHPCalendar Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter. network easyphpcalendar | 4.3 |
| 2005-04-12 | CVE-2005-1130 | Cross-Site Scripting vulnerability in Pinnacle Cart Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. network desert-dog-software | 4.3 |
| 2005-04-12 | CVE-2005-1103 | Unspecified vulnerability in Sygate Technologies Security Agent Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. | 4.6 |
| 2005-04-12 | CVE-2005-1077 | Remote HTML Injection vulnerability in XAMPP CDS.PHP Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. network xampp | 4.3 |
| 2005-04-12 | CVE-2004-0791 | Remote Denial Of Service vulnerability in Multiple Vendor TCP/IP Implementation ICMP Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. | 5.0 |
| 2005-04-12 | CVE-2004-0790 | Remote Denial Of Service vulnerability in Multiple Vendor TCP/IP Implementation ICMP Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. | 5.0 |
| 2005-04-11 | CVE-2005-1089 | Unspecified vulnerability in Dc++ Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. | 5.0 |
| 2005-04-10 | CVE-2005-1064 | Unspecified vulnerability in Rsnapshot Filesystem Snapshot Utility The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. | 4.6 |
| 2005-04-08 | CVE-2005-1094 | FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | 4.6 |