Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-28 | CVE-2007-4557 | Cross-Site Scripting vulnerability in Novell Groupwise Webaccess 6.5: Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2. | 4.3 |
2007-08-28 | CVE-2007-4556 | Unspecified vulnerability in Opensymphony Xwork: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character. (network, opensymphony) | 6.8 |
2007-08-28 | CVE-2007-4521 | Remote Denial of Service vulnerability in Asterisk Malformed MIME Body: Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. | 5.0 |
2007-08-28 | CVE-2006-7222 | Buffer Errors vulnerability in Guliverkli Media Player Classic 6.4.9.0: Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file. | 6.8 |
2007-08-28 | CVE-2007-4555 | Cross-Site Scripting vulnerability in Ipswitch WS FTP: Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. | 4.3 |
2007-08-28 | CVE-2007-4554 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.7: Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2007-08-28 | CVE-2007-4553 | Remote Denial of Service vulnerability in Thomson ST 2030 SIP Phone 1: The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number. | 5.0 |
2007-08-28 | CVE-2007-4550 | Use of Externally-Controlled Format String vulnerability in Altools Alpass 2.7/3.02: Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file. | 5.1 |
2007-08-28 | CVE-2007-4549 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Altools Alpass 2.7/3.02: Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value. | 6.8 |
2007-08-27 | CVE-2007-4547 | Remote vulnerability in Unreal Commander Malformed Archives: Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. (network, x-diesel) | 4.3 |