Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-04-12 CVE-2007-1995 Improper Input Validation vulnerability in Quagga
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
network
quagga CWE-20
6.3
2007-04-12 CVE-2007-1994 Denial Of Service vulnerability in HP HP-UX 11.00
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors.
local
low complexity
hp
4.9
2007-04-12 CVE-2007-1991 Cross-Site Scripting vulnerability in Youngzsoft CMailServer Comment Parameter
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
network
youngzsoft
4.3
2007-04-12 CVE-2007-1989 Cross-Site Scripting vulnerability in DotClear
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php.
network
dotclear
4.3
2007-04-12 CVE-2007-1988 Cross-Site Scripting vulnerability in PHPecho CMS PHPecho CMS 2.0
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network
phpecho-cms
4.3
2007-04-12 CVE-2007-1977 Cross-Site Scripting vulnerability in Holacms 1.4.10
Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.
network
holacms
4.3
2007-04-11 CVE-2007-1973 Denial-Of-Service vulnerability in Microsoft Windows NT 4.0
Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
local
microsoft
6.9
2007-04-11 CVE-2007-1364 SQL Injection vulnerability in DropAFew
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
network
low complexity
dropafew
6.4
2007-04-11 CVE-2007-1970 Remote Security vulnerability in Firefox
Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.
network
low complexity
mozilla
5.0
2007-04-11 CVE-2007-1969 Cross-Site Scripting vulnerability in Myblog
Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network
sam-crew
4.3