Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2007-04-22 | CVE-2007-2164 | Denial-Of-Service vulnerability in KDE Konqueror 3.5.5 | 5.0
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
network, low complexity, kde

2007-04-22 | CVE-2007-2163 | Denial-Of-Service vulnerability in Safari | 5.0
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
network, low complexity, apple

2007-04-22 | CVE-2007-2161 | Unspecified vulnerability in Microsoft Internet Explorer 7.0 | 4.3
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
network, microsoft

2007-04-22 | CVE-2007-2159 | Cross-Site Scripting vulnerability in Drupal Database Administration Module 4.6/4.7 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.
network, drupal

2007-04-19 | CVE-2007-2153 | Cross-Site Scripting vulnerability in @Mail Atmail.PHP | 6.8
Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
network, atmail

2007-04-19 | CVE-2007-2151 | Denial of Service vulnerability in McAfee E-Business Administration Server Authentication Packet | 5.0
The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read.
network, low complexity, mcafee

2007-04-19 | CVE-2007-2148 | Remote Security vulnerability in Chatness | 6.5
Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php.
network, low complexity, stephen-craton

2007-04-19 | CVE-2007-2144 | Code Injection vulnerability in Joomlapack 1.0.4A2Re | 6.8
PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network, joomlapack, CWE-94

2007-04-19 | CVE-2007-1691 | ActiveX Controls Multiple Buffer Overflow vulnerability in Second Sight Software | 6.8
Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors.

2007-04-19 | CVE-2007-1690 | ActiveX Controls Multiple Buffer Overflow vulnerability in Second Sight Software | 6.8
Multiple stack-based buffer overflows in Second Sight Software ActiveGS ActiveX control (ActiveGS.ocx) allow remote attackers to execute arbitrary code via unspecified vectors.