Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-12 CVE-2007-0183 Cross-Site Scripting vulnerability in Sun iPlanet Web Server 4.1
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter.
network
sun
6.8
2007-01-12 CVE-2007-0206 Information Disclosure vulnerability in Hewlett Packard OpenView Network Node Manager
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.
network
low complexity
hp
5.0
2007-01-11 CVE-2006-6920 Cross-Site Scripting vulnerability in Nucleus CMS
Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.
network
nucleus-cms
6.8
2007-01-11 CVE-2006-6919 Remote Security vulnerability in Sage-Mozdev Sage 1.3.8
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary JavaScript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
network
sage-mozdev
6.8
2007-01-11 CVE-2007-0166 Local Symbolic Link vulnerability in FreeBSD Jail RC.D
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
local
freebsd
6.6
2007-01-11 CVE-2007-0204 Input Validation vulnerability in phpMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
phpmyadmin
6.8
2007-01-11 CVE-2007-0199 Denial of Service vulnerability in Cisco IOS Data-link Switching
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message...
network
low complexity
cisco
5.0
2007-01-11 CVE-2007-0198 Denial of Service vulnerability in Cisco Unified Contact Center and IP Contact Center JTapi Gateway
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.
network
low complexity
cisco
5.0
2007-01-11 CVE-2007-0197 Improper Input Validation vulnerability in Apple Mac OS X 10.4.6/10.4.8
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
network
apple CWE-20
6.8
2007-01-11 CVE-2007-0177 Cross-Site Scripting vulnerability in MediaWiki
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
mediawiki
5.1