Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-19 CVE-2007-1504 Cross-Site Scripting vulnerability in iNTERSTAGE Application Server Standard Edition
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes.
network
fujitsu
4.3
2007-03-19 CVE-2007-1502 Remote vulnerability in Rhapsody IRC Rhapsody IRC 0.28B
Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long nick argument to the (c) nick command, or a long (4) nick or (5) message argument to the (d) ctcp, (e) chat, (f) notice, (g) message (msg), or (h) query commands.
network
rhapsody-irc
6.8
2007-03-19 CVE-2007-1500 Unspecified vulnerability in Gentoo Linux
The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.
local
low complexity
gentoo
4.3
2007-03-19 CVE-2007-0237 Unspecified vulnerability in Lookup
The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.
local
low complexity
lookup
4.6
2007-03-17 CVE-2007-1499 Cross-Site Scripting vulnerability in Microsoft IE 7.0
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability."
network
microsoft CWE-79
4.3
2007-03-16 CVE-2007-1497 Unspecified vulnerability in Linux Kernel
nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.
network
low complexity
linux
5.0
2007-03-16 CVE-2007-1496 NULL Pointer Dereference vulnerability in Linux Kernel Netfilter NFNetLink_Log
nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.
local
low complexity
linux
4.9
2007-03-16 CVE-2007-1495 Local Denial of Service vulnerability in Symantec Norton Personal Firewall 2006 9.1.1.7
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.
local
low complexity
symantec
4.9
2007-03-16 CVE-2007-1494 Cross-Site Scripting vulnerability in NukeSentinel
Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
network
nukescripts
6.8
2007-03-16 CVE-2007-1491 Remote Security vulnerability in S8500
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
low complexity
avaya
5.2