Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-08-28 CVE-2007-4578 Numeric Errors vulnerability in Sophos Anti-Virus, Scanning Engine and Small Business Suite
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around".
network
sophos CWE-189
6.8
2007-08-28 CVE-2007-3846 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
6.0
2007-08-28 CVE-2007-4565 Remote Denial of Service vulnerability in Fetchmail Failed Warning Message
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
network
low complexity
fetchmail
5.0
2007-08-28 CVE-2007-4564 Permissions, Privileges, and Access Controls vulnerability in Hitachi products
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.
local
low complexity
hitachi CWE-264
4.6
2007-08-28 CVE-2007-4563 Permissions, Privileges, and Access Controls vulnerability in Hitachi products
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.
4.4
2007-08-28 CVE-2007-4562 Denial Of Service vulnerability in Hitachi Cosminexus DABroker and DABroker
Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port."
network
hitachi
4.3
2007-08-28 CVE-2007-4557 Cross-Site Scripting vulnerability in Novell GroupWise WebAccess 6.5
Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.
network
novell CWE-79
4.3
2007-08-28 CVE-2007-4556 Unspecified vulnerability in OpenSymphony XWork
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
network
opensymphony
6.8
2007-08-28 CVE-2007-4521 Remote Denial of Service vulnerability in Asterisk Malformed MIME Body
Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
network
low complexity
asterisk
5.0
2007-08-28 CVE-2006-7222 Buffer Errors vulnerability in Guliverkli Media Player Classic 6.4.9.0
Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file.
6.8