Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-31 | CVE-2007-4633 | Cross-Site Scripting vulnerability in Cisco Call Manager and Unified Communications Manager: Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. | 4.3 |
2007-08-31 | CVE-2007-4632 | Improper Authentication vulnerability in Cisco IOS 12.2E/12.2F/12.2S: Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. | 4.3 |
2007-08-31 | CVE-2007-4631 | Link Following vulnerability in Qgit 1.5.62Pre1: The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames. | 6.9 |
2007-08-31 | CVE-2007-4630 | Cross-Site Scripting vulnerability in Xigla Absolute Poll Manager XE 4.1: Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2007-08-31 | CVE-2007-4626 | Denial-Of-Service vulnerability in Polipo: Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb. | 5.0 |
2007-08-31 | CVE-2007-4625 | Denial-Of-Service vulnerability in Polipo: Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request. | 4.3 |
2007-08-31 | CVE-2007-4624 | HTML Injection vulnerability in Abledesign Dynamic Picture Frame 1.0: Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. | 4.3 |
2007-08-31 | CVE-2007-4616 | Information Disclosure vulnerability in BEA WebLogic Server Null Cipher Suite: The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications. | 6.4 |
2007-08-31 | CVE-2007-4615 | Information Disclosure vulnerability in BEA WebLogic Server Null Cipher Suite: The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. | 6.4 |
2007-08-31 | CVE-2007-4613 | Cryptographic Issues vulnerability in BEA WebLogic Server: SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. | 6.8 |