Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-01-29 | CVE-2007-0550 | Cross-Site Scripting vulnerability in 212Cafe 212Cafeboard 0.08Beta | Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter. | 6.8 |
2007-01-29 | CVE-2007-0549 | Cross-Site Scripting vulnerability in 212Cafe 212Cafeboard 6.30Beta | Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 6.8 |
2007-01-29 | CVE-2007-0548 | Denial-Of-Service vulnerability in Karjasoft Sami Http Server 2.0.1 | KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects. | 5.0 |
2007-01-29 | CVE-2007-0547 | Cross-Site Scripting vulnerability in WebFORM | Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-01-29 | CVE-2007-0544 | HTML Injection vulnerability in Mybb 1.2.3 | Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. | 6.0 |
2007-01-29 | CVE-2007-0542 | Cross-Site Scripting vulnerability in 212Cafe Guestbook 4.00Beta | Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 6.8 |
2007-01-29 | CVE-2007-0541 | Permissions, Privileges, and Access Controls vulnerability in Wordpress | WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. | 5.0 |
2007-01-29 | CVE-2007-0540 | Unspecified vulnerability in Wordpress | WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | 5.0 |
2007-01-29 | CVE-2007-0538 | Denial-Of-Service vulnerability in Community Server Forums | Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | 5.0 |
2007-01-29 | CVE-2007-0463 | Unspecified vulnerability in Apple Software Update 2.0.5 | Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. | 5.0 |