Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2007-02-12 | CVE-2006-6998 | Information Exposure vulnerability in Headstart Solutions Deskpro 2.0.0/2.0.1 | install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function. | network, low complexity, headstart-solutions, CWE-200 | 5.0 |
| 2007-02-12 | CVE-2006-6996 | Cross-Site Scripting vulnerability in the WAR Forge Warforge.News 1.0 | Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. | network, the-war-forge | 4.3 |
| 2007-02-12 | CVE-2006-6995 | Input Validation vulnerability in V3 Chat Instant Messenger | mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. | network, v3-chat | 6.0 |
| 2007-02-09 | CVE-2007-0869 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.6.4 | Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. | network, jelsoft | 4.3 |
| 2007-02-09 | CVE-2007-0868 | Denial of Service vulnerability in Yahoo! Messenger Chat Room | Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | network, low complexity, yahoo | 5.0 |
| 2007-02-09 | CVE-2007-0866 | Local Code Execution vulnerability in HP Openview Storage Data Protector 5.50 | Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors. | local, low complexity, hp | 6.8 |
| 2007-02-09 | CVE-2006-6985 | Remote Security vulnerability in Maxthon 1.5.6Build42 | Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | network, low complexity, maxthon | 5.0 |
| 2007-02-09 | CVE-2006-6984 | Remote Security vulnerability in More Quick Tools Greenbrowser 3.4.0622 | Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | network, low complexity, more-quick-tools | 5.0 |
| 2007-02-09 | CVE-2006-6983 | Remote Security vulnerability in Myweb4Net Browser 3.8.8.0 | Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | network, low complexity, myweb4net | 5.0 |
| 2007-02-08 | CVE-2007-0669 | Unspecified vulnerability in Twiki | Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files. | local, low complexity, twiki | 4.6 |