Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-04-10 | CVE-2007-1939 | Cross-Site Scripting vulnerability in LanguageTool | Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java. network daniel-naber | 6.8 |
2007-04-10 | CVE-2007-1938 | Buffer Errors vulnerability in Ichitaro 2005/2006/2007 | Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS). | 4.3 |
2007-04-10 | CVE-2007-1937 | Remote Security vulnerability in Dreamcodes Scorp Book 1.0 | PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. network dreamcodes | 6.8 |
2007-04-10 | CVE-2007-1936 | Remote Security vulnerability in Scar4U.De Scaradcontroller 1.1 | PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter. network scar4u-de | 6.8 |
2007-04-10 | CVE-2007-1935 | Remote Security vulnerability in Scar4U.De Scaradcontroller 1.1 | PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function. network scar4u-de | 6.8 |
2007-04-10 | CVE-2007-1934 | Local File Include vulnerability in PHP-Nuke Eboard Module 1.0.7 | Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. network php-nuke | 6.8 |
2007-04-10 | CVE-2007-1929 | Unspecified vulnerability in GNA Beryo 2.0/2.4 | Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-04-10 | CVE-2007-1927 | Cross-Site Scripting vulnerability in Youngzsoft CMailServer Signup.ASP | Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. network youngzsoft | 4.3 |
2007-04-10 | CVE-2007-1926 | HTML Injection vulnerability in DirectAdmin Logfile | Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. network jbmc-software | 6.8 |
2007-04-10 | CVE-2007-1925 | Unspecified vulnerability in Tru-Zone Nukeet | The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie. | 6.5 |