Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-11 CVE-2007-0166 Local Symbolic Link vulnerability in FreeBSD Jail RC.D
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
local
freebsd
6.6
2007-01-11 CVE-2007-0204 Input Validation vulnerability in phpMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
phpmyadmin
6.8
2007-01-11 CVE-2007-0199 Denial Of Service vulnerability in Cisco IOS Data-link Switching
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message...
network
low complexity
cisco
5.0
2007-01-11 CVE-2007-0198 Denial of Service vulnerability in Cisco Unified Contact Center and IP Contact Center JTapi Gateway
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.
network
low complexity
cisco
5.0
2007-01-11 CVE-2007-0197 Improper Input Validation vulnerability in Apple Mac OS X 10.4.6/10.4.8
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
network
apple CWE-20
6.8
2007-01-11 CVE-2007-0177 Cross-Site Scripting vulnerability in MediaWiki
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
mediawiki
5.1
2007-01-11 CVE-2007-0176 Cross-Site Scripting vulnerability in GForge 4.5.11
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
network
gforge
6.8
2007-01-11 CVE-2007-0175 Cross-Site Scripting vulnerability in b2evolution 1.8.2/1.8.5/1.8.6
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
4.3
2007-01-11 CVE-2007-0173 Local File Include vulnerability in L2J Statistik Script 0.09
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a ..
network
l2j
6.8
2007-01-10 CVE-2007-0162 Local Privilege Escalation vulnerability in Unsanity Application Enhancer 2.0.2
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
local
low complexity
unsanity
6.8