Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-31 | CVE-2007-4647 | Permissions, Privileges, and Access Controls vulnerability in 2Coolcode OUR Space 2.0.9: newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi. | 5.0 |
2007-08-31 | CVE-2007-4645 | Code Injection vulnerability in Nmdeluxe 2.0.0: SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108. | 6.4 |
2007-08-31 | CVE-2007-4643 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Doomsday: Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a PKT_CHAT packet with a data length less than 3, which triggers an erroneous malloc, possibly related to the Sv_HandlePacket function in sv_main.c. | 5.0 |
2007-08-31 | CVE-2007-4641 | Path Traversal vulnerability in Pakupaku CMS: Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 6.4 |
2007-08-31 | CVE-2007-4640 | Permissions, Privileges, and Access Controls vulnerability in Pakupaku CMS: Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action. | 6.4 |
2007-08-31 | CVE-2007-4638 | Remote Denial of Service vulnerability in Blizzard Entertainment StarCraft Brood War Minimap Preview: Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed map, which triggers an out-of-bounds read during a minimap preview. | 4.3 |
2007-08-31 | CVE-2007-4637 | Denial-Of-Service vulnerability in XGB 2.0: xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps. | 6.4 |
2007-08-31 | CVE-2007-4635 | Improper Input Validation vulnerability in Yahoo Messenger 8.1.0.209/8.1.0.402: Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. | 5.0 |
2007-08-31 | CVE-2007-4633 | Cross-Site Scripting vulnerability in Cisco Call Manager and Unified Communications Manager: Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. | 4.3 |
2007-08-31 | CVE-2007-4632 | Improper Authentication vulnerability in Cisco IOS 12.2E/12.2F/12.2S: Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. | 4.3 |