Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2007-10-16 CVE-2007-5486 Permissions, Privileges, and Access Controls vulnerability in Dotproject
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL.
network, low complexity, dotproject, CWE-264, 6.4

2007-10-16 CVE-2007-5485 SQL Injection vulnerability in Kwsphp 1.0
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
network, low complexity, kwsphp, CWE-89, 7.5

2007-10-16 CVE-2007-5484 Path Traversal vulnerability in Wwwisis 7.1
Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows local users to read arbitrary files via a ..
network, low complexity, wwwisis, CWE-22, 5.0

2007-10-16 CVE-2007-5483 Unspecified vulnerability in IBM WebSphere Application Server Administrative Scripting Tools
Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.
network, low complexity, ibm, critical, 10.0

2007-10-16 CVE-2007-5482 Denial of Service vulnerability in SUN Storagetek 3510 and Storedge
Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors.
network, low complexity, sun, 6.4

2007-10-16 CVE-2007-5481 Denial of Service vulnerability in Distributed Checksum Clearinghouse DCC 1.3.65
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."
network, low complexity, distributed-checksum-clearinghouse, 5.0

2007-10-16 CVE-2007-5480 Cross-Site Scripting vulnerability in Innovaage Innovashop
Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.
network, innovaage, CWE-79, 4.3

2007-10-16 CVE-2007-5479 Cross-Site Scripting vulnerability in Xcomputer
Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.
network, xcomputer, CWE-79, 4.3

2007-10-16 CVE-2007-5478 Cross-Site Scripting vulnerability in Nabh Information Systems Stringbeans Portal 3.2
Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter.
4.3

2007-10-16 CVE-2007-4343 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Irfanview 3.99/4.00
Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file.
network, high complexity, irfanview, CWE-119, 5.1