Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-03 | CVE-2007-0044 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Acrobat, Acrobat 3D and Acrobat Reader: Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | 4.3 |
2007-01-03 | CVE-2007-0017 | Use of Externally-Controlled Format String vulnerability in Videolan VLC Media Player: Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. | 6.8 |
2007-01-01 | CVE-2007-0015 | Remote Buffer Overflow vulnerability in Apple Quicktime 7.1.3: Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | 6.8 |
2006-12-31 | CVE-2006-7233 | Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.6.0: Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
2006-12-31 | CVE-2006-6915 | Denial Of Service vulnerability in IBM AIX 5.2.0/5.3.0: ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. | 4.0 |
2006-12-31 | CVE-2006-6914 | Local Information Disclosure vulnerability in IBM AIX 5.2.0/5.3.0: Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. | 5.0 |
2006-12-31 | CVE-2006-6911 | SQL-Injection vulnerability in Digitizing Quote and Ordering System Digitizing Quote and Ordering System 1.0: SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter. | 6.0 |
2006-12-31 | CVE-2006-6899 | Configuration vulnerability in Bluez Project Bluez: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. | 5.4 |
2006-12-31 | CVE-2006-6897 | Directory Traversal vulnerability in Widcomm Bluetooth for Windows 3.0.1.905: Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. | 5.4 |
2006-12-31 | CVE-2006-6896 | Remote Security vulnerability in Headset: The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations. | 5.4 |