Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-30 | CVE-2007-0567 | Cross-Site Scripting vulnerability in Interactive-Scripts.Com PHP Membership Manager 1.5 Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. network interactive-scripts-com | 6.8 |
2007-01-30 | CVE-2007-0464 | Buffer Errors vulnerability in Cfnetwork 129.19 The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. | 5.0 |
2007-01-30 | CVE-2007-0564 | Denial-Of-Service vulnerability in Web Security The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. | 4.0 |
2007-01-30 | CVE-2007-0563 | Denial of Service And Cross-Site Scripting vulnerability in Symantec Web Security Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. network symantec | 4.3 |
2007-01-30 | CVE-2007-0562 | Denial-Of-Service vulnerability in Microsoft Windows Explorer 6.00.2900.2180 Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. network microsoft | 4.3 |
2007-01-29 | CVE-2007-0347 | Remote Denial of Service vulnerability in CVSTrac The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. network cvstrac | 4.3 |
2007-01-29 | CVE-2007-0553 | HTML Injection vulnerability in PHProxy Index.Inc.PHP Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. network phproxy | 6.8 |
2007-01-29 | CVE-2007-0552 | Cross-Site Scripting vulnerability in OH NO NOT Another CMS OH NO NOT Another CMS 0.0.8.4 Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. network oh-no-not-another-cms | 6.8 |
2007-01-29 | CVE-2007-0550 | Cross-Site Scripting vulnerability in 212Cafe 212Cafeboard 0.08Beta Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter. network 212cafe | 6.8 |
2007-01-29 | CVE-2007-0549 | Cross-Site Scripting vulnerability in 212Cafe 212Cafeboard 6.30Beta Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. network 212cafe | 6.8 |