Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-25 CVE-2007-0482 Unspecified vulnerability in Sun Ray Server Software 2.0/3.0
cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
local
low complexity
sun
4.6
2007-01-25 CVE-2007-0478 Cross-Site Scripting vulnerability in Apple Safari and WebCore
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
network
apple CWE-79
4.3
2007-01-25 CVE-2007-0477 Cross-Site Scripting vulnerability in Openads 2.3.30
Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php.
network
openads
6.8
2007-01-25 CVE-2007-0476 Unspecified vulnerability in Gentoo Linux 2.1.30/2.2.28/2.3.30
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.
local
low complexity
gentoo
4.6
2007-01-24 CVE-2007-0468 Remote Security vulnerability in Microsoft Visual Studio 6.0
Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.
network
microsoft
6.8
2007-01-24 CVE-2007-0461 Denial-of-Service vulnerability in Dazuko
Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.
network
low complexity
dazuko
5.0
2007-01-24 CVE-2007-0023 Local Privilege Escalation vulnerability in Apple Mac OS X 10.4.8
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
local
apple
6.9
2007-01-23 CVE-2007-0442 Remote Security vulnerability in IBM OS/400
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset.
network
low complexity
ibm
5.0
2007-01-23 CVE-2007-0441 Remote Security vulnerability in OpenView Network Node Manager
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.
network
high complexity
hp
5.1
2007-01-23 CVE-2007-0434 Products Multiple vulnerability in BEA AquaLogic Enterprise Security 2.0/2.1/2.2
BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.
local
low complexity
bea
4.6