Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-08-28 CVE-2007-4550 Use of Externally-Controlled Format String vulnerability in Altools Alpass 2.7/3.02
Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.
network
high complexity
altools CWE-134
5.1
2007-08-28 CVE-2007-4549 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Altools Alpass 2.7/3.02
Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value.
network
altools CWE-119
6.8
2007-08-27 CVE-2007-4547 Remote vulnerability in Unreal Commander Malformed Archives
Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files.
network
x-diesel
4.3
2007-08-27 CVE-2007-4546 Remote vulnerability in Unreal Commander Malformed Archives
Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.
network
x-diesel
5.8
2007-08-27 CVE-2007-4545 Path Traversal vulnerability in X-Diesel Unreal Commander 0.92Build565/0.92Build573
Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a ..
network
x-diesel CWE-22
6.8
2007-08-27 CVE-2007-4544 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress MU
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
network
wordpress CWE-352
4.3
2007-08-27 CVE-2007-4543 Cross-Site Scripting vulnerability in Mozilla Bugzilla
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
network
mozilla CWE-79
4.3
2007-08-27 CVE-2007-4542 Cross-Site Scripting vulnerability in University of Minnesota Mapserver
Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
4.3
2007-08-27 CVE-2007-4541 Cross-Site Request Forgery (CSRF) vulnerability in Olate Olatedownload 3.4.2
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
network
olate CWE-352
4.3
2007-08-27 CVE-2007-4539 Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
network
low complexity
mozilla CWE-264
5.0