Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-01 | CVE-2007-2976 | Cross-Site Scripting vulnerability in Cetrinity Firstclass and Server and Internet Services Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. network cetrinity | 4.3 |
| 2007-06-01 | CVE-2007-2970 | Cross-Site Scripting vulnerability in 8e6 R3000 Internet Filter Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. network 8e6-technologies | 4.3 |
| 2007-06-01 | CVE-2007-2968 | HTML Injection vulnerability in CPCommerce Full Name Field Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field). network cpcommerce | 4.3 |
| 2007-06-01 | CVE-2007-2918 | ActiveX Controls Multiple Buffer Overflow vulnerability in Logitech VideoCall Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. network logitech | 6.8 |
| 2007-06-01 | CVE-2007-2871 | Remote vulnerability in Mozilla Products Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. network mozilla | 4.3 |
| 2007-06-01 | CVE-2007-2870 | Remote vulnerability in Mozilla Products Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. network mozilla | 4.3 |
| 2007-06-01 | CVE-2007-2869 | Remote vulnerability in Mozilla Products The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. network mozilla | 4.3 |
| 2007-06-01 | CVE-2007-1362 | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." | 4.3 |
| 2007-05-31 | CVE-2007-2964 | Remote Denial of Service vulnerability in F-Secure Policy Manager FSMSH.DLL The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. | 5.0 |
| 2007-05-31 | CVE-2007-2963 | Cross-Site Scripting vulnerability in Invision Power Board Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. network invision-power-services | 4.3 |