Vulnerabilities > Medium

Each entry gives: date, CVE, vulnerability title; description; attack vector, attack complexity (where recorded), vendor, risk score.
2007-01-13 CVE-2006-6924 Multiple Input Validation vulnerability in Bitweaver (retired)
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error.
Attack vector: network; Complexity: low; Vendor: bitweaver; Risk: 5.0
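Added illustration of the class of weakness above, written for this page in Python and not Bitweaver's own code: a list page whose sort_mode parameter is spliced straight into ORDER BY and returns the raw database error, beside a version that maps sort_mode through a fixed allowlist and reports failures generically. The table, column names and sort keys are constructed for the example.

```python
"""Hypothetical illustration, not Bitweaver's code: a list page whose sort_mode
parameter reaches ORDER BY, first unvalidated (raw DB error echoed to the
client), then restricted to an allowlist with a generic error."""
import sqlite3

# Constructed sample table standing in for a wiki/blog page list.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE pages (title TEXT, hits INTEGER)")
_conn.executemany("INSERT INTO pages VALUES (?, ?)",
                  [("Home", 10), ("About", 3), ("Orphan", 0)])

# Allowed sort modes: a client-supplied key selects a fixed ORDER BY fragment,
# so no request data is ever spliced into the SQL text.
SORT_MODES = {
    "title_asc": "title ASC",
    "title_desc": "title DESC",
    "hits_desc": "hits DESC",
}


class BadRequest(ValueError):
    """Client error carrying a fixed message, nothing from the database."""


def is_valid_sort_mode(sort_mode):
    return sort_mode in SORT_MODES


def list_pages_unsafe(sort_mode):
    """Weak pattern: sort_mode is spliced into the query and the database's own
    error text (engine, table and column names) is handed back to the client."""
    try:
        rows = _conn.execute("SELECT title FROM pages ORDER BY " + sort_mode)
        return [r[0] for r in rows]
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)


def list_pages_safe(sort_mode):
    """Hardened pattern: unknown sort modes are rejected before any SQL runs,
    and a database failure is logged server-side but reported generically."""
    order = SORT_MODES.get(sort_mode)
    if order is None:
        raise BadRequest("invalid sort_mode")
    try:
        rows = _conn.execute("SELECT title FROM pages ORDER BY " + order)
        return [r[0] for r in rows]
    except sqlite3.Error as exc:
        print("internal: %s" % exc)   # stand-in for server-side logging
        raise RuntimeError("internal error")


if __name__ == "__main__":
    print(list_pages_unsafe("no_such_column"))   # leaks: no such column: ...
    try:
        list_pages_safe("no_such_column")
    except BadRequest as exc:
        print(exc)                                 # invalid sort_mode
```

The point is that the allowlist removes the client's ability to reach the SQL parser at all, and the generic error removes the second channel (schema and engine detail in error text) even when something else fails.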
2007-01-12 CVE-2007-0195 Input Validation vulnerability in F5 FirePass
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account (username enumeration).
Attack vector: network; Complexity: low; Vendor: f5; Risk: 5.0
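Added illustration of the username-enumeration pattern above, written for this page in Python and not FirePass code: a login handler whose failure message differs for unknown users and wrong passwords, beside one that answers (and does the same hashing work) identically either way, plus a black-box check that tells the two apart. The user directory, salt and iteration count are constructed for the example.

```python
"""Hypothetical illustration, not FirePass code: a login handler whose failure
message differs for unknown users versus wrong passwords, beside one that
answers (and works) identically either way, with a check that tells them apart."""
import hashlib
import hmac

_SALT = b"constructed-salt"   # one salt for the whole toy directory
_ITERATIONS = 20_000          # kept low so the example runs quickly


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


# Constructed directory standing in for the LDAP backend.
_DIRECTORY = {"alice": _hash("correct horse")}
# Hash compared against for unknown users so both paths cost the same work.
_DUMMY_HASH = _hash("placeholder")


def login_leaky(username, password):
    """Distinguishable failures: the response says whether the account exists."""
    if username not in _DIRECTORY:
        return "Unknown user"
    if not hmac.compare_digest(_DIRECTORY[username], _hash(password)):
        return "Incorrect password"
    return "OK"


def login_uniform(username, password):
    """One failure message, and a password hash is always computed and compared,
    so neither the text nor the timing reveals whether the username is valid."""
    stored = _DIRECTORY.get(username, _DUMMY_HASH)
    matched = hmac.compare_digest(stored, _hash(password))
    if matched and username in _DIRECTORY:
        return "OK"
    return "Authentication failed"


def enumerates_users(login, known_user, probe_user="no-such-user", password="x"):
    """Black-box check: True if a wrong password for a real account yields a
    different response than the same password for a made-up account."""
    return login(known_user, password) != login(probe_user, password)


if __name__ == "__main__":
    print("leaky handler enumerates users:", enumerates_users(login_leaky, "alice"))
    print("uniform handler enumerates users:", enumerates_users(login_uniform, "alice"))
```

The dummy hash matters as much as the message: if the unknown-user path skips the hash, response time becomes the oracle instead of the text.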
2007-01-12 CVE-2007-0191 Cross-Site Scripting vulnerability in MKPortal
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.
Attack vector: network; Vendor: mkportal; Risk: 6.8
2007-01-12 CVE-2007-0188 Input Validation vulnerability in F5 FirePass
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address (a "dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.
Attack vector: network; Complexity: low; Vendor: f5; Risk: 6.5
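Added illustration of the dotless-address problem above, written for this page in Python and not F5 code. It goes beyond the single-dword case in the entry: the parser accepts every spelling the BSD inet_aton() accepts (one to four parts, decimal, octal or hex, with the last part filling the remaining bytes), and a host restriction is shown compared on the raw string beside one compared on the parsed address. The restricted host and the function names are constructed for the example.

```python
"""Hypothetical illustration, not F5 code: host access checks that compare the
client-supplied string miss alternate spellings of the same IPv4 address; the
fix is to parse every accepted spelling to a canonical address first."""
import ipaddress


def _parse_part(s):
    """C-style integer: 0x.. hex, leading 0 octal, otherwise decimal."""
    if s.lower().startswith("0x"):
        return int(s[2:], 16) if len(s) > 2 else None
    if len(s) > 1 and s.startswith("0"):
        return int(s, 8)
    return int(s, 10)


def inet_aton_style(text):
    """Parse the forms inet_aton() accepts: a, a.b, a.b.c, a.b.c.d, where the
    last part fills all remaining bytes. Returns IPv4Address, or None if the
    text is not an address in any of those forms."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        vals = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    if any(v is None or v < 0 for v in vals):
        return None
    # Leading parts are single bytes; the last part spans the remaining bytes.
    if any(v > 0xFF for v in vals[:-1]):
        return None
    remaining_bytes = 5 - len(parts)      # 1 part -> 4 bytes, 4 parts -> 1 byte
    if vals[-1] >= 1 << (8 * remaining_bytes):
        return None
    n = 0
    for v in vals[:-1]:
        n = (n << 8) | v
    n = (n << (8 * remaining_bytes)) | vals[-1]
    return ipaddress.IPv4Address(n)


# Constructed restriction list, held in the dotted form an administrator types.
RESTRICTED_HOSTS = {"192.0.2.10"}
_RESTRICTED_ADDRS = {ipaddress.IPv4Address(h) for h in RESTRICTED_HOSTS}


def host_restricted_naive(requested):
    """Compares the text the client sent: only the dotted spelling matches."""
    return requested in RESTRICTED_HOSTS


def host_restricted_canonical(requested):
    """Parses every accepted spelling first; unparseable input is refused too
    (fail closed) rather than being passed on as 'not restricted'."""
    addr = inet_aton_style(requested)
    return addr is None or addr in _RESTRICTED_ADDRS


if __name__ == "__main__":
    for spelling in ("192.0.2.10", "3221225994", "0xC000020A", "192.0.522", "0300.0.2.012"):
        print("%-14s naive=%-5s canonical=%s" % (
            spelling, host_restricted_naive(spelling), host_restricted_canonical(spelling)))
```

Any component that later hands the host to a system resolver will accept all of these spellings, so the access check has to normalise to at least the same set of forms the resolver does, or reject everything that is not already canonical.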
2007-01-12 CVE-2007-0186 Cross-Site Scripting vulnerability in F5 FirePass 4100
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php.
Attack vector: network; Vendor: f5; Risk: 6.8
2007-01-12 CVE-2007-0185 Denial of Service vulnerability in Getahead Direct Web Remoting (DWR)
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.
Attack vector: network; Complexity: low; Vendor: getahead; Risk: 5.0
2007-01-12 CVE-2007-0183 Cross-Site Scripting vulnerability in Sun iPlanet Web Server 4.1
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter.
Attack vector: network; Vendor: sun; Risk: 6.8
2007-01-12 CVE-2007-0206 Information Disclosure vulnerability in HP OpenView Network Node Manager
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.
Attack vector: network; Complexity: low; Vendor: hp; Risk: 5.0
2007-01-11 CVE-2006-6920 Cross-Site Scripting vulnerability in Nucleus CMS
Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.
Attack vector: network; Vendor: nucleus-cms; Risk: 6.8
2007-01-11 CVE-2006-6919 Script Injection vulnerability in Sage Firefox extension 1.3.8 (sage-mozdev)
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary JavaScript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
Attack vector: network; Vendor: sage-mozdev; Risk: 6.8