Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-08-27 CVE-2007-4546 Remote vulnerability in Unreal Commander Malformed Archives
Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.
network
x-diesel
5.8
2007-08-27 CVE-2007-4545 Path Traversal vulnerability in X-Diesel Unreal Commander 0.92Build565/0.92Build573
Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a ..
network
x-diesel CWE-22
6.8
2007-08-27 CVE-2007-4544 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress MU
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
network
wordpress CWE-352
4.3
2007-08-27 CVE-2007-4543 Cross-Site Scripting vulnerability in Mozilla Bugzilla
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
network
mozilla CWE-79
4.3
2007-08-27 CVE-2007-4542 Cross-Site Scripting vulnerability in University of Minnesota Mapserver
Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
4.3
2007-08-27 CVE-2007-4541 Cross-Site Request Forgery (CSRF) vulnerability in Olate Olatedownload 3.4.2
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
network
olate CWE-352
4.3
2007-08-27 CVE-2007-4539 Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
network
low complexity
mozilla CWE-264
5.0
2007-08-27 CVE-2007-4538 Remote vulnerability in Bugzilla
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
network
low complexity
mozilla
5.0
2007-08-27 CVE-2007-4537 Remote Heap Based Buffer Overflow vulnerability in Skulltag Huffman Packet Decompression
Heap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet.
network
skulltag-team
6.8
2007-08-27 CVE-2007-2958
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
6.8