Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-06-09 | CVE-2005-1947 | Cross-Site Request Forgery (CSRF) vulnerability in Invisioncommunity Gallery: Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. | 4.3 |
2005-06-09 | CVE-2005-1879 | Link Following vulnerability in Lutel Lutelwall: LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | 5.5 |
2005-06-06 | CVE-2005-1880 | Link Following vulnerability in Everybuddy 0.4.3: everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | 5.5 |
2005-05-19 | CVE-2005-1674 | Cross-Site Request Forgery (CSRF) vulnerability in Helpcenterlive Help Center Live: Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php. | 6.5 |
2005-05-02 | CVE-2005-1111 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products: Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | 4.7 |
2005-05-02 | CVE-2005-0824 | Link Following vulnerability in Mathopd: The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal. | 5.5 |
2005-03-25 | CVE-2005-0587 | Link Following vulnerability in Mozilla: Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | 6.5 |
2005-03-05 | CVE-2005-0109 | Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. | 5.6 |
2005-02-14 | CVE-2005-0406 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Image Processing Project Image Processing: A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image. | 5.5 |
2004-12-31 | CVE-2004-2331 | Unsafe Reflection vulnerability in Macromedia Coldfusion 6.1: ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | 5.5 |