Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-10 | CVE-2007-1841 | Remote Denial Of Service vulnerability in IPSec-Tools The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages. network ipsec-tools | 4.3 |
| 2007-04-10 | CVE-2007-0734 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption. | 5.4 |
| 2007-04-10 | CVE-2006-7192 | Unspecified vulnerability in Microsoft .Net Framework 2.0 Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag. network microsoft | 4.3 |
| 2007-04-10 | CVE-2007-1204 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows XP Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption. | 6.8 |
| 2007-04-10 | CVE-2007-0939 | Cross-Site Scripting vulnerability in Microsoft Content Management Server 2001/2002 Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability." network microsoft | 4.3 |
| 2007-04-10 | CVE-2007-1900 | Unspecified vulnerability in PHP 5.2.0/5.2.1 CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | 5.0 |
| 2007-04-10 | CVE-2006-4250 | Local Buffer Overflow vulnerability in Debian Linux 3.1 Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag. | 4.6 |
| 2007-04-09 | CVE-2007-1897 | SQL Injection vulnerability in Wordpress SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | 6.5 |
| 2007-04-09 | CVE-2007-1896 | Directory Traversal vulnerability in Myspeach Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. network sky-gunning | 5.8 |
| 2007-04-09 | CVE-2007-1895 | Remote Security vulnerability in Myspeach PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630. network sky-gunning | 6.8 |