Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2007-08-28 | CVE-2007-4564 | Permissions, Privileges, and Access Controls vulnerability in Hitachi products | 4.6
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.
local, low complexity, hitachi, CWE-264

2007-08-28 | CVE-2007-4563 | Permissions, Privileges, and Access Controls vulnerability in Hitachi products | 4.4
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.

2007-08-28 | CVE-2007-4562 | Denial Of Service vulnerability in Hitachi Cosminexus Dabroker and Dabroker | 4.3
Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port."
network, hitachi

2007-08-28 | CVE-2007-4557 | Cross-Site Scripting vulnerability in Novell Groupwise Webaccess 6.5 | 4.3
Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.
network, novell, CWE-79

2007-08-28 | CVE-2007-4556 | Unspecified vulnerability in Opensymphony Xwork | 6.8
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
network, opensymphony

2007-08-28 | CVE-2007-4521 | Remote Denial of Service vulnerability in Asterisk Malformed MIME Body | 5.0
Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
network, low complexity, asterisk

2007-08-28 | CVE-2006-7222 | Buffer Errors vulnerability in Guliverkli Media Player Classic 6.4.9.0 | 6.8
Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file.

2007-08-28 | CVE-2007-4555 | Cross-Site Scripting vulnerability in Ipswitch WS FTP | 4.3
Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface.
network, ipswitch, CWE-79

2007-08-28 | CVE-2007-4554 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.7 | 4.3
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
network, tiki, CWE-79

2007-08-28 | CVE-2007-4553 | Remote Denial of Service vulnerability in Thomson ST 2030 SIP Phone 1 | 5.0
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
network, low complexity, thomson