Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-03-14 CVE-2005-0398 Denial of Service vulnerability in KAME Racoon Malformed ISAKMP Packet Headers
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
network
low complexity
ipsec-tools kame sgi altlinux redhat suse
5.0
2005-03-14 CVE-2005-0259 Unspecified vulnerability in PHPbb Group PHPbb
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
network
low complexity
phpbb-group
6.4
2005-03-14 CVE-2005-0258 Unspecified vulnerability in PHPbb Group PHPbb
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
network
low complexity
phpbb-group
5.0
2005-03-12 CVE-2005-0780 Unspecified vulnerability in PHP Arena Pafiledb
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.
network
low complexity
php-arena
5.0
2005-03-10 CVE-2005-0731 Denial-Of-Service vulnerability in PY Software Active Webcam 5.5
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html.
network
low complexity
py-software
5.0
2005-03-09 CVE-2005-0745 Local Security vulnerability in Ian-02Ex Voip Ata
UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset.
local
low complexity
utstarcom
4.6
2005-03-08 CVE-2005-0747 Information Disclosure vulnerability in I-Class
ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp.
network
low complexity
applyyourself
5.0
2005-03-08 CVE-2005-0741 Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.
network
yabb
4.3
2005-03-08 CVE-2005-0723 Cross-Site Scripting vulnerability in PHP Arena Pafiledb 3.1
Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which are not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php.
network
php-arena
4.3
2005-03-08 CVE-2005-0098 Unspecified vulnerability in Abuse Abuse-Sdl
Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line.
local
low complexity
abuse
4.6