Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2007-09-04 | CVE-2007-3996 | Numeric Errors vulnerability in PHP | network, php, CWE-189, 6.8
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

2007-09-04 | CVE-2007-4650 | Permissions, Privileges, and Access Controls vulnerability in Bharat Mediratta Gallery | network, low complexity, bharat-mediratta, CWE-264, 6.4
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.

2007-08-31 | CVE-2007-4647 | Permissions, Privileges, and Access Controls vulnerability in 2Coolcode OUR Space 2.0.9 | network, low complexity, 2coolcode, CWE-264, 5.0
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.

2007-08-31 | CVE-2007-4645 | Code Injection vulnerability in Nmdeluxe 2.0.0 | network, low complexity, nmdeluxe, CWE-94, 6.4
SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108.

2007-08-31 | CVE-2007-4643 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Doomsday | network, low complexity, doomsday, CWE-119, 5.0
Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a PKT_CHAT packet with a data length less than 3, which triggers an erroneous malloc, possibly related to the Sv_HandlePacket function in sv_main.c.

2007-08-31 | CVE-2007-4641 | Path Traversal vulnerability in Pakupaku CMS | network, low complexity, pakupaku, CWE-22, 6.4
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a ..

2007-08-31 | CVE-2007-4640 | Permissions, Privileges, and Access Controls vulnerability in Pakupaku CMS | network, low complexity, pakupaku, CWE-264, 6.4
Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action.

2007-08-31 | CVE-2007-4638 | Remote Denial of Service vulnerability in Blizzard Entertainment StarCraft Brood War Minimap Preview | 4.3
Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed map, which triggers an out-of-bounds read during a minimap preview.

2007-08-31 | CVE-2007-4637 | Denial-Of-Service vulnerability in XGB 2.0 | network, low complexity, xgb, 6.4
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.

2007-08-31 | CVE-2007-4635 | Improper Input Validation vulnerability in Yahoo Messenger 8.1.0.209/8.1.0.402 | network, low complexity, yahoo, CWE-20, 5.0
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe.