Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2007-01-17 | CVE-2007-0267 | Resource Management Errors vulnerability in multiple products | The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. | local, low complexity, apple, freebsd, CWE-399 | 6.6 |
| 2007-01-17 | CVE-2007-0014 | Cryptographic Issues vulnerability in SUN Chainkey Java Code Protection | ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | local, sun, CWE-310 | 4.4 |
| 2007-01-17 | CVE-2006-6939 | Unspecified vulnerability in GNU ED 0.2 | GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | local, low complexity, gnu | 4.6 |
| 2007-01-17 | CVE-2006-6938 | Remote File Include vulnerability in Nitrotech 0.0.3A | Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter. | network, low complexity, nitrotech | 5.0 |
| 2007-01-17 | CVE-2006-6936 | Input Validation vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0 | Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. | | 6.8 |
| 2007-01-16 | CVE-2007-0265 | Cross-Site Scripting vulnerability in Portal System Beta | Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. | network, ezboxx | 6.8 |
| 2007-01-16 | CVE-2007-0264 | Remote Buffer Overflow vulnerability in Winzip 9.0 | Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. | local, winzip | 6.6 |
| 2007-01-16 | CVE-2007-0258 | Cross-Site Scripting vulnerability in Open Solution Quick.Cart | Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | | 6.8 |
| 2007-01-16 | CVE-2007-0250 | Input Validation vulnerability in Nwom Topsites 3.0 | index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error. | network, low complexity, nwom | 5.0 |
| 2007-01-16 | CVE-2007-0249 | Input Validation vulnerability in Nwom Topsites 3.0 | Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter. | network, nwom | 6.8 |