Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-16 CVE-2006-6931 Denial of Service vulnerability in Snort Backtracking
Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."
network
low complexity
snort
5.0
2007-01-16 CVE-2006-6487 Cross-Site Scripting vulnerability in DT Guestbook DT Guestbook 1.0F
Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.
network
high complexity
dt-guestbook
5.1
2007-01-16 CVE-2007-0248 Remote Denial of Service vulnerability in Squid 2.6.Stable6
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
network
low complexity
squid
5.0
2007-01-16 CVE-2007-0247 Resource Management Errors vulnerability in Squid
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
network
low complexity
squid CWE-399
5.0
2007-01-13 CVE-2007-0231 Cross-Site Scripting vulnerability in SIX Apart Movable Type 3.33
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.
network
six-apart
6.8
2007-01-13 CVE-2007-0228 Denial of Service vulnerability in Eiqnetworks Enterprise Security Analyzer 2.0/2.1/2.5
The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER&, (2) &ADDENTRY&, (3) &FIN&, (4) &START&, (5) &LOGPATH&, (6) &FWADELTA&, (7) &FWALOG&, (8) &SETSYNCHRONOUS&, (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.
network
low complexity
eiqnetworks
5.0
2007-01-13 CVE-2007-0227 Local Information Disclosure vulnerability in Slocate 3.1
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files.
network
low complexity
slocate
5.0
2007-01-13 CVE-2007-0225 Cross-Site Scripting vulnerability in Virtual Programming Vp-Asp 6.09
Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
6.8
2007-01-13 CVE-2006-6928 SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6
Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp.
network
grandora
6.8
2007-01-13 CVE-2006-6925 Input Validation vulnerability in Bitweaver
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.
network
bitweaver
6.8