Vulnerabilities > Medium

DATE        CVE            VULNERABILITY TITLE                                                       RISK

2007-08-27  CVE-2007-4538  Remote vulnerability in Bugzilla                                          5.0
  Vector: network | Complexity: low | Vendor: mozilla
  email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.

2007-08-27  CVE-2007-4537  Remote Heap Based Buffer Overflow vulnerability in Skulltag Huffman Packet Decompression   6.8
  Vector: network | Vendor: skulltag-team
  Heap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet.

2007-08-27  CVE-2007-2958  (no title given)                                                          6.8
  Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.

2007-08-25  CVE-2007-4536  Local Privilege Escalation vulnerability in TorrentTrader Insecure File Permission   4.6
  Vector: local | Complexity: low | Vendor: torrenttrader
  TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call.

2007-08-25  CVE-2007-4535  Remote vulnerability in Vavoom                                            4.3
  Vector: network | Vendor: vavoom
  The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.

2007-08-25  CVE-2007-4533  Remote vulnerability in Vavoom                                            6.8
  Vector: network | Vendor: vavoom
  Format string vulnerability in the Say command in sv_main.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a chat message, related to a call to the BroadcastPrintf function.

2007-08-25  CVE-2007-4531  Remote Denial of Service vulnerability in Michal Marcinkowski Soldat Dedicated Server and Soldat Game Server   5.0
  Vector: network | Complexity: low | Vendor: michal-marcinkowski
  Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port.

2007-08-25  CVE-2007-4530  Multiple Cross-Site Scripting vulnerability in TeamSpeak Web Server 2.0.20.1   4.3
  Vector: network | Vendor: teamspeak
  Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html.

2007-08-25  CVE-2007-4528  Remote Security vulnerability in PHP 5.0.5                                4.3
  Vector: network | Vendor: php
  The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function.

2007-08-25  CVE-2007-4522  SQL and HTML Injection vulnerability in Ripe Website Manager 0.8.4/0.8.9   6.0
  Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (4) page_id, and (5) url parameters in (d) admin/navigation/do_new_item.php; the (6) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and the (7) area1, name, and url parameters to (f) admin/pages/do_new_page.php.