Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2007-07-30 CVE-2007-4077 Cross-Site Scripting vulnerability in Video Share Enterprise
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php.
network | alstrasoft | 4.3
2007-07-30 CVE-2007-4076 SQL Injection vulnerability in ASP Indir Alisveris Sitesi Script 0
Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action.
network | low complexity | asp-indir | 7.5
2007-07-30 CVE-2007-4075 Cross-Site Scripting vulnerability in ASP Indir Alisveris Sitesi Script 0
Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action.
network | asp-indir | 4.3
2007-07-30 CVE-2007-4074 Configuration vulnerability in multiple products
The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956.
network | low complexity | centre-for-speech-technology-research suse CWE-16 | critical | 10.0
2007-07-30 CVE-2007-4073 Remote Security vulnerability in Webbler CMS
Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail.
network | low complexity | tincan | 5.0
2007-07-30 CVE-2007-4072 Information Disclosure vulnerability in Webbler CMS
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.
network | low complexity | tincan | 5.0
2007-07-30 CVE-2007-4071 Cross-Site Scripting vulnerability in Webbler CMS
Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter.
network | tincan | 4.3
2007-07-30 CVE-2007-4070 Information Disclosure vulnerability in SUN Solaris 10.0/8.0/9.0
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.
local | low complexity | sun | 4.9
2007-07-30 CVE-2007-4069 SQL Injection vulnerability in Index Script Index Script 2.8
SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
network | low complexity | index-script | 7.5
2007-07-30 CVE-2007-4068 SQL Injection vulnerability in Webyapar 2.0
Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the kat_id parameter to the default URI in a download action or (2) the id parameter to the default URI in a duyurular_detay action.
network | webyapar | 5.8