Vulnerabilities > Microsoft > Windows > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-06-02 | CVE-2008-2099 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | 6.9 |
| 2008-03-12 | CVE-2008-1302 | Numeric Errors vulnerability in Perforce Server The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. | 5.0 |
| 2008-03-12 | CVE-2008-1299 | Cross-Site Scripting vulnerability in Manageengine Servicedesk Plus 7.0.0 Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | 4.3 |
| 2007-12-17 | CVE-2007-6404 | Path Traversal vulnerability in Shttp Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. | 5.0 |
| 2007-11-15 | CVE-2007-4692 | Improper Authentication vulnerability in Apple Safari The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | 4.3 |
| 2007-10-18 | CVE-2007-5473 | Information Exposure vulnerability in Mono StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. | 5.0 |
| 2007-06-20 | CVE-2007-3285 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | 6.8 |
| 2007-04-18 | CVE-2007-2110 | Multiple vulnerability in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.7 Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. | 4.4 |
| 2007-04-18 | CVE-2007-2108 | Permissions, Privileges, and Access Controls vulnerability in multiple products Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. | 6.8 |
| 2006-06-22 | CVE-2006-3146 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Toshiba Bluetooth Stack The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. | 5.0 |