Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2007-02-15 | CVE-2006-7023 | Cross-Site Scripting vulnerability in Fx-App 0.0.8.1 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.
network, fx-app

2007-02-14 | CVE-2007-0929 | Directory Traversal vulnerability in Php Rrd Browser | 5.0
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.
network, low complexity, guillaume-fontaine

2007-02-14 | CVE-2007-0928 | Information Disclosure vulnerability in Virtual Calendar | 5.0
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.
network, low complexity, virtual-calendar

2007-02-14 | CVE-2007-0925 | Cross-Site Scripting vulnerability in Community Server SearchResults.ASPX | 4.3
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.

2007-02-14 | CVE-2007-0922 | Cross-Site Scripting vulnerability in Portal Search | 4.3
Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.

2007-02-14 | CVE-2007-0917 | Multiple vulnerability in Cisco IOS Intrusion Prevention System | 6.4
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
network, low complexity, cisco

2007-02-14 | CVE-2007-0916 | Local Denial of Service vulnerability in HP Hp-Ux 11.11/11.23 | 4.9
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
local, low complexity, hp

2007-02-14 | CVE-2006-5860 | Cross-Site Scripting vulnerability in Adobe Coldfusion and Jrun | 4.3
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network, adobe, CWE-79

2007-02-14 | CVE-2006-5859 | Cross-Site Scripting vulnerability in Adobe Coldfusion 7.0/7.0.1 | 4.3
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
network, adobe, CWE-79

2007-02-13 | CVE-2007-0908 | Improper Input Validation vulnerability in multiple products | 5.0
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
network, low complexity, php, canonical, CWE-20