Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-06-27 CVE-2007-3256 Input Validation vulnerability in Xythos products
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.
network
low complexity
xythos
4.0
2007-06-27 CVE-2007-3255 Input Validation vulnerability in Xythos Enterprise Document Manager
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header.
network
low complexity
xythos
6.5
2007-06-27 CVE-2007-3458 Local Denial of Service vulnerability in Sun Solaris 10.0/8.0/9.0
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
local
low complexity
sun
4.9
2007-06-27 CVE-2007-3258 Information Disclosure vulnerability in Vincent HOR Calendarix 0.7.20070307
calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.
network
low complexity
vincent-hor
5.0
2007-06-27 CVE-2006-7210 Denial of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
network
low complexity
microsoft
5.0
2007-06-27 CVE-2007-3451 Remote File Include vulnerability in 6ALBlog
PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.
network
low complexity
gorani-network
6.5
2007-06-27 CVE-2007-3450 SQL Injection vulnerability in 6ALBlog
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter.
network
gorani-network
6.8
2007-06-27 CVE-2007-3449 SQL Injection vulnerability in 6ALBlog Member.PHP
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
network
gorani-network
6.8
2007-06-27 CVE-2007-3448 Cross-Site Scripting vulnerability in BugMall Shopping Cart
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter.
network
bugmall
CWE-79
4.3
2007-06-27 CVE-2007-3447 SQL Injection vulnerability in BugMall Shopping Cart 2.5
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.
network
bugmall
CWE-89
6.8