Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-30 CVE-2007-0567 Cross-Site Scripting vulnerability in Interactive-Scripts.Com PHP Membership Manager 1.5
Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. 		6.8
6.8
2007-01-30 CVE-2007-0464 Buffer Errors vulnerability in Cfnetwork 129.19
The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.
network
low complexity
apple cfnetwork CWE-119
5.0
5.0
2007-01-30 CVE-2007-0564 Denial-Of-Service vulnerability in Web Security
The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
network
low complexity
symantec
4.0
4.0
2007-01-30 CVE-2007-0563 Denial of Service And Cross-Site Scripting vulnerability in Symantec Web Security
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.
network
symantec
4.3
4.3
2007-01-30 CVE-2007-0562 Denial-Of-Service vulnerability in Microsoft Windows Explorer 6.00.2900.2180
Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file.
network
microsoft
4.3
4.3
2007-01-29 CVE-2007-0347 Remote Denial of Service vulnerability in CVSTrac
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
network
cvstrac
4.3
4.3
2007-01-29 CVE-2007-0553 HTML Injection vulnerability in PHProxy Index.Inc.PHP
Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604.
network
phproxy
6.8
6.8
2007-01-29 CVE-2007-0552 Cross-Site Scripting vulnerability in OH NO NOT Another CMS OH NO NOT Another CMS 0.0.8.4
Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. 		6.8
6.8
2007-01-29 CVE-2007-0550 Cross-Site Scripting vulnerability in 212Cafe 212Cafeboard 0.08Beta
Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.
network
212cafe
6.8
6.8
2007-01-29 CVE-2007-0549 Cross-Site Scripting vulnerability in 212Cafe 212Cafeboard 6.30Beta
Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.
network
212cafe
6.8
6.8