Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2007-04-18 | CVE-2007-2099 | Cross-Site Scripting vulnerability in Openconcept Back-End CMS 0.4.7 | Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter. | network, openconcept | 6.8 |
| 2007-04-18 | CVE-2007-2098 | Cross-Site Scripting vulnerability in Wabbit PHP Gallery 0.9 | Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters. | network, wabbit | 6.8 |
| 2007-04-18 | CVE-2007-2090 | Cross-Site Scripting vulnerability in Tumusika Evolution Tumusika Evolution 1.6 | Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | | 6.8 |
| 2007-04-18 | CVE-2007-2089 | Remote File Include vulnerability in Mambo/Joomla New Article Component Absolute_Path | Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/. | network, jx-development | 6.8 |
| 2007-04-18 | CVE-2007-2087 | Remote Security vulnerability in Cnstats 2.12 | Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. | network, cnstats | 6.8 |
| 2007-04-18 | CVE-2007-2086 | Remote File Include vulnerability in Cnstats 2.9 | Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/. | network, cnstats | 6.8 |
| 2007-04-18 | CVE-2007-2085 | Cross-Site Scripting vulnerability in OE2edit OE2edit.CGI | Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | network, oe2edit | 6.8 |
| 2007-04-18 | CVE-2006-7194 | Remote Security vulnerability in Republique Francaise Agora 1.4Rc1 | PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. | | 6.8 |
| 2007-04-18 | CVE-2007-2083 | Unspecified vulnerability in Zonelabs Zonealarm | vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. | local, zonelabs | 6.9 |
| 2007-04-18 | CVE-2007-2082 | Remote Security vulnerability in MyBlog | Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. | network, low complexity, myblog | 6.5 |