Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-16 | CVE-2007-0979 | Information Exposure vulnerability in Lifetype Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." | 5.0 |
2007-02-16 | CVE-2007-0975 | Remote Security vulnerability in Apache Stats Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array. | 5.0 |
2007-02-16 | CVE-2007-0973 | Cross-Site Scripting vulnerability in Jupiter CMS Jupiter CMS 1.1.5 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action. network jupiter-cms | 6.8 |
2007-02-16 | CVE-2007-0969 | Input Validation vulnerability in WebTester Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files. network webtester | 6.8 |
2007-02-16 | CVE-2007-0964 | Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1 Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request. | 5.4 |
2007-02-15 | CVE-2007-0652 | HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | 5.1 |
2007-02-15 | CVE-2007-0651 | HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/. network mailenable | 4.3 |
2007-02-15 | CVE-2007-0953 | HTML Injection vulnerability in @Mail Search.HTML Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. network atmail | 4.3 |
2007-02-15 | CVE-2007-0952 | Cross-Site Scripting vulnerability in Virtual Calendar Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range. network scriptsez-net | 6.8 |
2007-02-15 | CVE-2007-0950 | Input Validation vulnerability in Fullaspsite Shop Listmain.ASP Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter. network fullaspsite | 6.8 |