Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-06-27 CVE-2007-3434 Information Disclosure vulnerability in Pharmacy System
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.
network
low complexity
netart-media
5.0

2007-06-27 CVE-2007-3431 Remote File Include vulnerability in Valerio Capello Dagger - the Cutting Edge R23Jan2007
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.
network
valerio-capello
6.8

2007-06-27 CVE-2007-3429 Unspecified vulnerability in E107
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
network
e107
6.8

2007-06-27 CVE-2007-3426 Cross-Site Scripting vulnerability in phpTrafficA
Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
network
zoneo-soft
4.3

2007-06-27 CVE-2007-3425 Unspecified vulnerability in Zoneo-Soft PHPtraffica
Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.
network
low complexity
zoneo-soft
5.0

2007-06-27 CVE-2007-1665 Remote Denial of Service vulnerability in EKG 20050411
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
network
low complexity
debian ekg
5.0

2007-06-27 CVE-2007-1664 Remote Denial of Service vulnerability in EKG 20050411
ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.
network
low complexity
debian ekg
5.0

2007-06-27 CVE-2007-1663 Remote Denial of Service vulnerability in EKG 20050411
Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
network
low complexity
debian ekg
5.0

2007-06-27 CVE-2006-7209 Cross-Site Scripting vulnerability in phpTrafficA
Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics.
network
zoneo-soft
4.3

2007-06-26 CVE-2007-3418 Remote Security vulnerability in WebAPP
The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.
network
low complexity
web-app-org
6.5