Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-02-15 | CVE-2005-0434 | Cross-Site Scripting vulnerability in PHP-Nuke Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. network francisco-burzi | 4.3 |
2005-02-15 | CVE-2005-0433 | Cross-Site Scripting vulnerability in PHP-Nuke Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. | 5.0 |
2005-02-15 | CVE-2005-0176 | Multiple vulnerability in Linux Kernel 2.6.9 The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released. | 5.0 |
2005-02-15 | CVE-2005-0149 | Unspecified vulnerability in Mozilla and Thunderbird Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. | 5.0 |
2005-02-14 | CVE-2005-0444 | Local Security vulnerability in Workstation VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | 4.6 |
2005-02-14 | CVE-2005-0410 | Unspecified vulnerability in Citrusdb SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file. | 5.0 |
2005-02-14 | CVE-2005-0409 | Unspecified vulnerability in Citrusdb CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities. | 6.4 |
2005-02-14 | CVE-2005-0406 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Image Processing Project Image Processing A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image. | 5.5 |
2005-02-12 | CVE-2005-0430 | Remote Denial of Service vulnerability in ID Software Quake 3 Engine Infostring Query The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | 5.0 |
2005-02-10 | CVE-2005-0364 | Denial-Of-Service vulnerability in HP Hp-Ux 11.00/11.11/11.23 Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service. | 5.0 |