Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-30 | CVE-2007-0579 | Local File Include vulnerability in Horde Groupware Calendar Component Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. | 5.1 |
| 2007-01-30 | CVE-2007-0578 | Denial of Service vulnerability in MPG123 HTTP_Open() Connection Handling The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. network mpg123 | 4.3 |
| 2007-01-30 | CVE-2007-0567 | Cross-Site Scripting vulnerability in Interactive-Scripts.Com PHP Membership Manager 1.5 Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. network interactive-scripts-com | 6.8 |
| 2007-01-30 | CVE-2007-0464 | Buffer Errors vulnerability in Cfnetwork 129.19 The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. | 5.0 |
| 2007-01-30 | CVE-2007-0564 | Denial-Of-Service vulnerability in Web Security The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. | 4.0 |
| 2007-01-30 | CVE-2007-0563 | Denial of Service And Cross-Site Scripting vulnerability in Symantec Web Security Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. network symantec | 4.3 |
| 2007-01-30 | CVE-2007-0562 | Denial-Of-Service vulnerability in Microsoft Windows Explorer 6.00.2900.2180 Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. network microsoft | 4.3 |
| 2007-01-29 | CVE-2007-0347 | Remote Denial of Service vulnerability in CVSTrac The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. network cvstrac | 4.3 |
| 2007-01-29 | CVE-2007-0553 | HTML Injection vulnerability in PHProxy Index.Inc.PHP Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. network phproxy | 6.8 |
| 2007-01-29 | CVE-2007-0552 | Cross-Site Scripting vulnerability in OH NO NOT Another CMS OH NO NOT Another CMS 0.0.8.4 Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. network oh-no-not-another-cms | 6.8 |