Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-04-18 CVE-2007-2076 Remote Security vulnerability in Maian Gallery 1.0
PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
network
maian
6.8
2007-04-18 CVE-2007-2075 Local Privilege Escalation vulnerability in ScramDisk 4 Linux
ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container.
6.9
2007-04-18 CVE-2007-2074 Local Privilege Escalation vulnerability in ScramDisk 4 Linux
Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers.
local
low complexity
scramdisk-4-linux
4.6
2007-04-18 CVE-2007-2071 HTML-injection vulnerability in Open-Gorotto 2.0A
Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/.
network
open-gorotto
4.3
2007-04-18 CVE-2007-2068 Remote File Include vulnerability in StoreFront for Gallery Gallery_BaseDir
Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.
6.8
2007-04-18 CVE-2007-2066 Information Disclosure vulnerability in UseBB
UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message.
network
low complexity
usebb
5.0
2007-04-18 CVE-2007-2063 Permissions, Privileges, and Access Controls vulnerability in SSH Tectia Server 5.0/5.1.0/5.2.0
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
local
ssh
CWE-264
4.4
2007-04-18 CVE-2007-2061 Cross-Site Scripting vulnerability in Afterlogic Mailbee Webmail 3.4
Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
network
afterlogic
4.3
2007-04-18 CVE-2007-2060 Unspecified vulnerability in Wizz Computers Wizz RSS Reader
Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary JavaScript in the browser chrome via the RSS feed DOM.
network
wizz-computers
6.8
2007-04-18 CVE-2007-2058 Directory Traversal vulnerability in Picozip 4.02
Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a ..
network
picozip
6.8