Vulnerabilities > Microsoft > Windows > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-11-15 | CVE-2007-4692 | Improper Authentication vulnerability in Apple Safari The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | 4.3 |
| 2007-10-18 | CVE-2007-5473 | Information Exposure vulnerability in Mono StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. | 5.0 |
| 2007-06-20 | CVE-2007-3285 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | 6.8 |
| 2007-04-18 | CVE-2007-2110 | Multiple vulnerability in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.7 Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. | 4.4 |
| 2007-04-18 | CVE-2007-2108 | Permissions, Privileges, and Access Controls vulnerability in multiple products Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. | 6.8 |
| 2006-06-22 | CVE-2006-3146 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Toshiba Bluetooth Stack The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. | 5.0 |
| 2006-06-19 | CVE-2006-3074 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Kaspersky Anti-Virus and Kaspersky Internet Security klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess. | 5.0 |