Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-09 | CVE-2007-1894 | HTML Injection vulnerability in WordPress WP_Title Function Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. network wordpress | 4.3 |
| 2007-04-09 | CVE-2007-1893 | Permissions, Privileges, and Access Controls vulnerability in Wordpress xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." | 4.9 |
| 2007-04-06 | CVE-2007-1886 | Unspecified vulnerability in PHP 4.4.5/5.2.1 Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow." network php | 6.8 |
| 2007-04-06 | CVE-2007-1884 | Format String vulnerability in PHP Printf() Function 64bit Casting Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. | 6.8 |
| 2007-04-06 | CVE-2007-1882 | SQL-Injection vulnerability in HP Mercury Quality Center 9.0 qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method. | 6.5 |
| 2007-04-06 | CVE-2007-1881 | Local Security vulnerability in Kaspersky Internet Security Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. | 6.8 |
| 2007-04-06 | CVE-2007-1880 | Local Heap Overflow vulnerability in Kaspersky Internet Security Suite Klif.SYS Driver Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow. local kaspersky-lab | 6.6 |
| 2007-04-06 | CVE-2007-1878 | Unspecified vulnerability in Parakey Inc. Firebug 1.01/1.02 Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name. network parakey-inc | 6.8 |
| 2007-04-06 | CVE-2007-1271 | Buffer Overflow vulnerability in VMWare ESX 3.0.0/3.0.1 Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors. local vmware | 6.6 |
| 2007-04-06 | CVE-2007-1270 | Numeric Errors vulnerability in VMWare ESX and ESX Server Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors. | 5.0 |