Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-26 | CVE-2007-1095 | Unspecified vulnerability in Mozilla Firefox and Seamonkey: Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. network mozilla | 6.8 |
2007-02-26 | CVE-2007-1091 | Unspecified vulnerability in Microsoft IE and Internet Explorer: Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload JavaScript handlers. network microsoft | 6.8 |
2007-02-24 | CVE-2006-7060 | Remote Security vulnerability in E-Dating System: cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message. | 5.0 |
2007-02-24 | CVE-2006-7059 | Cross-Site Scripting vulnerability in Scriptsez.Net E-Dating System: Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php. | 4.3 |
2007-02-24 | CVE-2006-7058 | Cross-Site Scripting vulnerability in Sphider: Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. network sphider | 4.3 |
2007-02-24 | CVE-2006-7056 | Remote File Include vulnerability in DreamCost Hostadmin 3.0/3.1: Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. network dreamcost | 6.8 |
2007-02-24 | CVE-2006-7055 | Remote File Include vulnerability in TotalCalendar: PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922. network sweetphp | 6.8 |
2007-02-24 | CVE-2006-7051 | Denial-Of-Service vulnerability in kernel: The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory. | 4.9 |
2007-02-24 | CVE-2006-7050 | Cross-Site Scripting vulnerability in WikkaWiki: Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary JavaScript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php. network wikkawiki | 6.8 |
2007-02-24 | CVE-2006-7047 | Permissions, Privileges, and Access Controls vulnerability in Shoutpro 1.0: include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. | 5.0 |