Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-08-20 | CVE-2007-4434 | Cross-Site Scripting vulnerability in Aspindir Text File Search 0 | Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. network aspindir | 4.3 |
2007-08-20 | CVE-2007-4433 | Cross-Site Scripting vulnerability in Aspindir Text File Search 0 | Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field. network aspindir | 4.3 |
2007-08-20 | CVE-2007-4432 | Local Security vulnerability in Linux | Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | 4.6 |
2007-08-20 | CVE-2007-4430 | Improper Input Validation vulnerability in Cisco products | Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. | 5.0 |
2007-08-20 | CVE-2007-4429 | Denial-Of-Service vulnerability in Skype | Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. | 5.0 |
2007-08-20 | CVE-2007-4428 | Remote Code Execution vulnerability in Lhaz 1.33 | Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116. network lhaz | 6.8 |
2007-08-20 | CVE-2007-4426 | Denial-Of-Service vulnerability in Live for Speed | Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference. | 5.0 |
2007-08-20 | CVE-2007-4425 | Multiple vulnerability in Live FOR Speed Live for Speed Demo/S1/S2 | Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track. network live-for-speed | 6.0 |
2007-08-18 | CVE-2007-4424 | Remote Security vulnerability in Safari For Windows | Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. network apple | 4.3 |
2007-08-18 | CVE-2007-4423 | Buffer Errors vulnerability in IBM DB2 Universal Database 8.0/9.0/9.1 | Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument. | 5.0 |