Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-23 | CVE-2007-0407 | HTML Injection vulnerability in WebGUI Registration Username: Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. network plain-black | 6.8 |
2007-01-23 | CVE-2007-0406 | Denial-Of-Service vulnerability in gxine: Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. | 4.6 |
2007-01-23 | CVE-2007-0405 | Unspecified vulnerability in Django Project Django 0.95: The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user. | 6.5 |
2007-01-22 | CVE-2007-0402 | Cross-Site Scripting vulnerability in Paypal Subscription Manager: Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter. network easebay-resources | 6.8 |
2007-01-22 | CVE-2007-0400 | Cross-Site Scripting vulnerability in Easebay Resources Login Manager 3.0: Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. network easebay-resources | 6.8 |
2007-01-22 | CVE-2007-0399 | HTML Injection vulnerability in Simple Machines Simple Machines Forum 1.1Rc3: Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action. network simple-machines | 6.0 |
2007-01-22 | CVE-2007-0398 | Cross-Site Scripting vulnerability in A-Forum: Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field. network arnotic | 6.8 |
2007-01-20 | CVE-2007-0397 | Unspecified vulnerability in Cisco products: The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. | 6.4 |
2007-01-19 | CVE-2007-0394 | Local Security vulnerability in HP Hp-Ux 11.11: HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | 4.6 |
2007-01-19 | CVE-2007-0393 | Local Security vulnerability in SUN Solaris 9.0: Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | 4.6 |