Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-03-26 | CVE-2005-0914 | Cross-Site Scripting vulnerability in Cpg-Nuke CPG Dragonfly CMS 9.0.2.0 Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter. network cpg-nuke | 4.3 |
2005-03-26 | CVE-2005-0900 | Information Disclosure vulnerability in Nukebookmarks 0.6 marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveal the path in an error message. | 5.0 |
2005-03-26 | CVE-2005-0898 | Cross-Site Scripting vulnerability in Magicscripts E-Store Kit-2 Paypal Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter. network magicscripts | 4.3 |
2005-03-25 | CVE-2005-0587 | Link Following vulnerability in Mozilla Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | 6.5 |
2005-03-24 | CVE-2005-0889 | Cross-Site Scripting vulnerability in Dream4 Koobi CMS 4.2.3 Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter. network dream4 | 4.3 |
2005-03-23 | CVE-2005-0883 | Cross-Site Scripting vulnerability in Digitalhive 2.0 Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page. network digitalhive | 4.3 |
2005-03-23 | CVE-2005-0881 | Cross-Site Scripting vulnerability in Interspire Articlelive 2005 Cross-site scripting (XSS) vulnerability in articles.newcomment for Interspire ArticleLive 2005 allows remote attackers to inject arbitrary web script or HTML via the Articleld parameter. network interspire | 4.3 |
2005-03-23 | CVE-2005-0878 | HTML Injection vulnerability in MercuryBoard Title Field Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). network mercuryboard | 4.3 |
2005-03-23 | CVE-2005-0761 | Denial of Service vulnerability in Imagemagick Photoshop Document Parsing Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file. | 5.0 |
2005-03-23 | CVE-2005-0759 | Denial Of Service vulnerability in ImageMagick TIFF Image Tag ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag. | 5.0 |