Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2007-1230 | Cross-Site Scripting vulnerability in WordPress 2.1: Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049. | 5.8 |
2007-03-02 | CVE-2007-1229 | Cross-Site Scripting vulnerability in Nullsoft Shoutcast Server 1.9.7: Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. | 4.3 |
2007-03-02 | CVE-2007-1228 | Improper Authentication vulnerability in IBM DB2 8.2/9.0: IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | 4.4 |
2007-03-02 | CVE-2007-1227 | Permissions, Privileges, and Access Controls vulnerability in McAfee Virex 6.2: VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allows local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. | 6.6 |
2007-03-02 | CVE-2007-1226 | Unspecified vulnerability in McAfee Virex: McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. | 4.1 |
2007-03-02 | CVE-2007-1224 | Unspecified vulnerability in Grok Developments Netproxy 4.03: Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80). | 5.0 |
2007-03-02 | CVE-2007-1223 | Denial-Of-Service vulnerability in OSAS/FT/W: Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port". | 5.0 |
2007-03-02 | CVE-2007-1220 | Privilege Escalation vulnerability in Microsoft Xbox 360 4532/4548: The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code. | 6.2 |
2007-03-02 | CVE-2007-1218 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump: Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. | 6.8 |
2007-03-02 | CVE-2007-1217 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel: Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet. | 6.9 |