Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-03 CVE-2007-1258 Denial-Of-Service vulnerability in IOS
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.
low complexity
cisco
6.1
2007-03-03 CVE-2007-1256 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox 2.0/2.0.0.1/2.0.0.2
Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.
network
mozilla CWE-119
6.8
2007-03-03 CVE-2007-1255 SQL-Injection vulnerability in Connectix Boards
Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/.
network
connectix
6.0
2007-03-03 CVE-2007-1254 SQL-Injection vulnerability in Connectix Boards
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
network
low complexity
connectix
6.5
2007-03-03 CVE-2007-1249 Race Condition vulnerability in Contelligent C1 Financial Services 9.1.4
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
6.8
2007-03-03 CVE-2007-1248 Cross-Site Scripting vulnerability in Built2Go News Manager Blog 1.0
Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.
network
built2go CWE-79
4.3
2007-03-03 CVE-2007-1247 Code Injection vulnerability in aWeb Labs aWebNews 1.5
Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.
network
aweb-labs CWE-94
6.8
2007-03-03 CVE-2007-1245 Buffer Errors vulnerability in IrfanView 3.99
IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.
network
irfanview CWE-119
4.3
2007-03-03 CVE-2007-1244 Cross-Site Scripting vulnerability in WordPress
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php.
network
wordpress
6.8
2007-03-03 CVE-2007-1241 Input Validation vulnerability in Audins Audiens 3.3
Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
network
audins-audiens
5.8