Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-10 | CVE-2007-1919 | Cross-Site Scripting vulnerability in Arizona-Dream Livre D OR Livor 2.5 Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. network arizona-dream | 4.3 |
2007-04-10 | CVE-2007-1918 | Unspecified vulnerability in SAP RFC Library 6.4/7.0 The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. | 5.0 |
2007-04-10 | CVE-2007-1913 | Unspecified vulnerability in SAP RFC Library 6.4/7.0 The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. | 5.0 |
2007-04-10 | CVE-2007-1912 | Heap Overflow vulnerability in Microsoft Windows Help File Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. network microsoft | 6.8 |
2007-04-10 | CVE-2007-1910 | Document File Buffer Overflow vulnerability in Microsoft Word 2007 Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc. network microsoft | 6.8 |
2007-04-10 | CVE-2007-1908 | Local File Include vulnerability in PHP121 Instant Messenger 2.2 PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function. network php121 | 6.8 |
2007-04-10 | CVE-2007-1907 | Remote File Include vulnerability in Pathos Content Management System 0.92.2 PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. network pathos | 6.8 |
2007-04-10 | CVE-2007-1906 | Local File Include vulnerability in eCardMAX HotEditor Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-04-10 | CVE-2007-1905 | Cross-Site Scripting vulnerability in Pineapple Technologies Quizshock Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<". | 4.3 |
2007-04-10 | CVE-2007-1904 | Directory Traversal vulnerability in AOL ICQ and Instant Messenger Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. network aol | 4.3 |