Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2007-01-04 CVE-2007-0058 Information Exposure vulnerability in Cisco Network Admission Control Manager and Server System Software
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
network
low complexity
cisco CWE-200
7.8
2007-01-04 CVE-2007-0057 Credentials Management vulnerability in Cisco Network Admission Control Manager and Server System Software
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared secret and allows remote attackers to gain unauthorized access.
network
low complexity
cisco CWE-255
critical
10.0
2007-01-04 CVE-2007-0056 Cross-Site Scripting vulnerability in AShop Deluxe And AShop Administration Panel
Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.
network
ashopsoftware
6.8
2007-01-04 CVE-2007-0055 Directory Traversal vulnerability in Fersch Formbankserver 1.9
Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter.
network
low complexity
fersch
5.0
2007-01-04 CVE-2007-0054 Cross-Site Scripting vulnerability in VCard Pro
Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
6.8
2007-01-04 CVE-2007-0053 SQL Injection vulnerability in autoDealer Detail.ASP
SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.
network
low complexity
asp-siteware
7.5
2007-01-04 CVE-2007-0052 SQL Injection vulnerability in Vizayn Haber Haberdetay.ASP
SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
vizayn-haber
7.5
2007-01-04 CVE-2007-0049 Unspecified vulnerability in Geckovich Tasktracker and Tasktracker PRO
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.
network
low complexity
geckovich
7.5
2007-01-03 CVE-2007-0048 Unspecified vulnerability in Adobe Acrobat, Acrobat 3D and Acrobat Reader
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
network
low complexity
adobe
5.0
2007-01-03 CVE-2007-0047 Remote Security vulnerability in Reader
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
network
adobe
6.8