Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2007-04-11 | CVE-2007-1968 | Remote File Include vulnerability in MyBlog Games.PHP | 6.8
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.
network, sam-crew

2007-04-11 | CVE-2007-1966 | Improper Authentication vulnerability in Exv2 Content Management System 2.0.4.3 | 5.0
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
network, low complexity, exv2, CWE-287

2007-04-11 | CVE-2007-1965 | Cross-Site Scripting vulnerability in EXV2 CMS | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
network, exv2

2007-04-11 | CVE-2007-1964 | Denial-Of-Service vulnerability in MyBulletinBoard | 6.0
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.

2007-04-11 | CVE-2007-1958 | Denial-Of-Service vulnerability in TinyMUX | 5.0
Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.
network, low complexity, tinymux

2007-04-11 | CVE-2007-1957 | Remote Security vulnerability in Web Php | 6.8
Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.

2007-04-11 | CVE-2007-1950 | Cross-Site Scripting vulnerability in Content Management System | 4.3
Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.
network, webblizzard

2007-04-11 | CVE-2007-1944 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere Application Server | 5.0
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.
network, low complexity, ibm, CWE-119

2007-04-11 | CVE-2007-1941 | HTML Injection vulnerability in IBM Lotus Domino Web Access Active Content Filter | 4.3
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.
network, ibm

2007-04-11 | CVE-2007-1940 | Unspecified vulnerability in IBM Tivoli Business Service Manager 4.1 | 4.9
IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.
local, low complexity, ibm