Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-12 | CVE-2007-2003 | Remote Security vulnerability in Inoutmailinglistmanager: InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect. | 6.8 |
2007-04-12 | CVE-2007-2002 | Remote Security vulnerability in Inoutmailinglistmanager: InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie. | 6.8 |
2007-04-12 | CVE-2007-2001 | Remote Security vulnerability in Crea-book: Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3. | 6.5 |
2007-04-12 | CVE-2007-1996 | Code Injection vulnerability in Codebreak: PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter. | 6.8 |
2007-04-12 | CVE-2007-1995 | Improper Input Validation vulnerability in Quagga: bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | 6.3 |
2007-04-12 | CVE-2007-1994 | Denial Of Service vulnerability in HP Hp-Ux 11.00: Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. | 4.9 |
2007-04-12 | CVE-2007-1991 | Cross-Site Scripting vulnerability in Youngzsoft CMailServer Comment Parameter: Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. | 4.3 |
2007-04-12 | CVE-2007-1989 | Cross-Site Scripting vulnerability in DotClear: Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. | 4.3 |
2007-04-12 | CVE-2007-1988 | Cross-Site Scripting vulnerability in PHPecho CMS PHPecho CMS 2.0: Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2007-04-12 | CVE-2007-1977 | Cross-Site Scripting vulnerability in Holacms 1.4.10: Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter. | 4.3 |