Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-02-07 CVE-2007-0816 Unspecified vulnerability in Broadcom Brightstor Arcserve Backup 11/11.1/11.5
The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.
network
low complexity
broadcom
5.0
2007-02-07 CVE-2007-0815 HTML Injection vulnerability in Uapplication Uphotogallery 1.1
Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter.
network
uapplication
4.3
2007-02-07 CVE-2007-0814 HTML Injection vulnerability in Adrenalin's ASP Chat
Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.
network
adrenalin-labs
4.3
2007-02-07 CVE-2007-0813 Cross-Site Scripting vulnerability in MySearchEngine
Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
home-production
4.3
2007-02-07 CVE-2007-0807 HTML Injection vulnerability in Darrens 5-Dollar Script Archive Flashchat 4.7.8
Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.
6.8
2007-02-07 CVE-2007-0802 Improper Input Validation vulnerability in multiple products
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
network
low complexity
mozilla opera CWE-20
6.4
2007-02-07 CVE-2007-0801 Unspecified vulnerability in Mozilla Firefox 1.5.0.9
The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.
network
mozilla
4.3
2007-02-07 CVE-2007-0800 Unspecified vulnerability in Mozilla Firefox 1.5.0.9
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
network
mozilla
4.3
2007-02-07 CVE-2006-6970 Permissions, Privileges, and Access Controls vulnerability in Opera Browser 9.10
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.
network
low complexity
opera CWE-264
5.0
2007-02-07 CVE-2006-6969 Unspecified vulnerability in Jetty Http Server
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
network
jetty
6.8