Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2007-02-08 CVE-2007-0857 Cross-Site Scripting vulnerability in MoinMoin
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.
network
moinmoin
4.3

2007-02-08 CVE-2007-0855 Buffer Overflow vulnerability in Rarlab Unrar 3.60/3.61
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.
network
rarlab
6.8

2007-02-08 CVE-2007-0852 HTML Injection and SQL Injection vulnerability in Techexcel Inc. Devtrack 6.0.3
Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query.
network
techexcel-inc
6.8

2007-02-08 CVE-2007-0846 Input Validation vulnerability in OTSCMS
Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.
6.8

2007-02-08 CVE-2006-6982 Remote Security vulnerability in 3Proxy 0.5/0.5.1/0.5.2
3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials.
network
low complexity
3proxy
5.0

2007-02-08 CVE-2006-6981 Denial-Of-Service vulnerability in 3Proxy 0.5/0.5.1/0.5.2
3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten.
network
low complexity
3proxy
5.0

2007-02-08 CVE-2007-0844 Authentication Bypass vulnerability in PAM SSH PAM SSH 1.91
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
network
low complexity
pam-ssh
6.4

2007-02-08 CVE-2006-6978 Cross-Site Scripting vulnerability in Fckeditor
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
network
fckeditor CWE-79
4.3

2007-02-08 CVE-2006-6977 Cross-Site Scripting vulnerability in Freetextbox
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
4.3

2007-02-08 CVE-2006-2220 Improper Input Validation vulnerability in PHPbb 2.0.20
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
network
low complexity
phpbb CWE-20
5.0