Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-04-08 | CVE-2005-1072 | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. network punbb | 4.3 |
| 2005-04-07 | CVE-2005-1087 | Unspecified vulnerability in AN An-Httpd 1.42N CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request. | 6.4 |
| 2005-04-07 | CVE-2005-0351 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SCO Openserver 5.0.6/5.0.7 Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable. | 4.6 |
| 2005-03-30 | CVE-2005-0943 | Remote Denial of Service vulnerability in Cisco VPN 3000 Concentrator Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet. | 5.0 |
| 2005-03-30 | CVE-2005-0487 | Cross-Site Scripting vulnerability in Kayako Esupport 2.3.1 Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. network kayako | 6.8 |
| 2005-03-30 | CVE-2005-0485 | Cross-Site Scripting vulnerability in PHParena Panews 2.0B4 Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter. | 6.8 |
| 2005-03-30 | CVE-2005-0483 | Directory Traversal vulnerability in glFTPD ZIP Plugins Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. | 5.0 |
| 2005-03-30 | CVE-2005-0482 | Remote vulnerability in TrackerCam TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data. | 5.0 |
| 2005-03-30 | CVE-2005-0481 | Remote vulnerability in TrackerCam TrackerCam 5.12 and earlier allows remote attackers to read log files via the fn parameter in a direct request to the ComGetLogFile.php3 script. | 5.0 |
| 2005-03-30 | CVE-2005-0480 | Remote vulnerability in TrackerCam Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file. network trackercam | 4.3 |