Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-04-16 CVE-2007-2038 Remote vulnerability in Cisco Wireless LAN Controller
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.
low complexity
cisco
6.1
2007-04-16 CVE-2007-2033 Multiple vulnerability in Cisco Wireless Control System
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.
network
low complexity
cisco
6.5
2007-04-16 CVE-2007-2030 Unspecified vulnerability in Red Hat Enterprise Linux and Fedora Core
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
local
low complexity
redhat
4.9
2007-04-13 CVE-2007-2028 Remote Denial Of Service vulnerability in FreeRadius EAP-TTLS Tunnel Memory Leak
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
network
low complexity
freeradius
5.0
2007-04-13 CVE-2007-2027 Use of Externally-Controlled Format String vulnerability in Elinks 0.11.1
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
local
elinks CWE-134
4.4
2007-04-13 CVE-2007-2024 Unspecified vulnerability in PhpWiki 1.3.x
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
network
phpwiki
6.8
2007-04-13 CVE-2007-2022 Information Exposure vulnerability in multiple products
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
network
adobe opera CWE-200
6.8
2007-04-13 CVE-2007-1873 Cross-Site Scripting vulnerability in Mephisto 0.7.3
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
network
mephisto
4.3
2007-04-13 CVE-2007-1872 HTML Injection vulnerability in Toenda Software Development Toendacms 1.5.3
Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.
4.3
2007-04-13 CVE-2007-1871 HTML Injection vulnerability in Chcounter 3.1.3
Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.
network
chcounter
4.3