Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
---|---|---|---|---|---|
2007-08-15 | CVE-2007-4366 | Denial of Service vulnerability in Wengo Wengophone 2.1 | WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | | 5.0 |
2007-08-15 | CVE-2007-4365 | Cross-Site Scripting vulnerability in Content Management System | Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. | network, exv2 | 4.3 |
2007-08-15 | CVE-2007-4363 | HTML-injection vulnerability in Drupal Content Construction KIT 4.7/5.2 | Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | network, drupal | 4.3 |
2007-08-15 | CVE-2007-4362 | SQL Injection vulnerability in Prozilla Webring Website Script Category.PHP | SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | network, prozilla | 6.8 |
2007-08-15 | CVE-2007-4360 | Remote Access Card 4/P SSH Remote Denial Of Service vulnerability in Dell Remote Access Card 4 | Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability. | network, dell | 4.3 |
2007-08-15 | CVE-2007-4359 | SQL Injection vulnerability in SkilMatch Systems JobLister3 | Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | network, skilmatch-staffing-systems | 6.8 |
2007-08-15 | CVE-2007-4358 | Denial of Service vulnerability in Zoidcom 0.6.5/0.6.7 | Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643. | network, zoidcom | 4.3 |
2007-08-15 | CVE-2007-2929 | Multiple vulnerabilities in Lenovo Access Support and Automated Solutions | The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code. | network, lenovo | 5.8 |
2007-08-15 | CVE-2007-2928 | Multiple vulnerabilities in Lenovo Access Support and Automated Solutions | Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data. | network, lenovo | 5.8 |
2007-08-15 | CVE-2007-2240 | Multiple vulnerabilities in Lenovo Access Support and Automated Solutions | The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download. | network, lenovo | 5.8 |