Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-13 | CVE-2007-0227 | Local Information Disclosure vulnerability in Slocate 3.1: slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. | 5.0 |
2007-01-13 | CVE-2007-0225 | Cross-Site Scripting vulnerability in Virtual Programming Vp-Asp 6.09: Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. network virtual-programming | 6.8 |
2007-01-13 | CVE-2006-6928 | SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6: Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, (2) the Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp. network grandora | 6.8 |
2007-01-13 | CVE-2006-6925 | Input Validation vulnerability in Bitweaver: Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php. network bitweaver | 6.8 |
2007-01-13 | CVE-2006-6924 | Parameter Multiple Input Validation vulnerability in Retired: Bitweaver: bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. | 5.0 |
2007-01-12 | CVE-2007-0195 | Input Validation vulnerability in F5 Firepass: my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. | 5.0 |
2007-01-12 | CVE-2007-0191 | Cross-Site Scripting vulnerability in MKPortal: Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section. network mkportal | 6.8 |
2007-01-12 | CVE-2007-0188 | Input Validation vulnerability in F5 Firepass: F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. | 6.5 |
2007-01-12 | CVE-2007-0186 | Input Validation vulnerability in F5 Firepass 4100: Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. network f5 | 6.8 |
2007-01-12 | CVE-2007-0185 | Remote vulnerability in Direct Web Rendering: Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch. | 5.0 |