Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-02-22 CVE-2007-1068 Credentials Management vulnerability in multiple products
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
local
low complexity
cisco meetinghouse CWE-255
7.2
2007-02-22 CVE-2007-1067 Multiple vulnerabilities in Cisco 802.1X Authentication Deployment Products
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
local
low complexity
cisco meetinghouse
7.2
2007-02-21 CVE-2007-1058 SQL Injection vulnerability in Online Web Building Online Web Building 2.0
SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.
network
low complexity
online-web-building
7.5
2007-02-21 CVE-2007-1056 Permissions, Privileges, and Access Controls vulnerability in VMware Workstation 5.5.3 Build 34685
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service.
local
low complexity
vmware CWE-264
7.2
2007-02-21 CVE-2007-1048 Remote Security vulnerability in Phpbb Wordsearch
PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
network
low complexity
phpbb-wordsearch
7.5
2007-02-21 CVE-2007-1047 Data Manipulation vulnerability in Distributed Checksum Clearinghouse DCC
Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps.
network
low complexity
distributed-checksum-clearinghouse
7.5
2007-02-21 CVE-2007-1043 Authentication Bypass vulnerability in Ezboo Webstats 3.0.3
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
7.5
2007-02-21 CVE-2007-1040 Directory Traversal vulnerability in Xpression News Xpression News 1.0.1
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a ..
network
low complexity
xpression-news
7.5
2007-02-21 CVE-2007-1036 Permissions, Privileges, and Access Controls vulnerability in JBoss Application Server
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
network
low complexity
jboss CWE-264
7.5
2007-02-21 CVE-2007-1035 Remote Command Execution vulnerability in Drupal Audio And MediaField Modules GetID3
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.
network
low complexity
drupal
7.5