Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-06 | CVE-2007-1001 | Numeric Errors vulnerability in PHP: Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values. | 6.8 |
2007-04-04 | CVE-2007-1212 | Privilege Escalation vulnerability in Microsoft Windows Graphics Rendering Engine EMF File: Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. | 6.6 |
2007-04-03 | CVE-2007-1854 | Remote Unauthorized Access vulnerability in Hitachi uCosminexus Application Server Session Information: Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect; Electronic Form Workflow Standard Set, Professional Library Set, and Developer Client Set; and uCosminexus ERP Integrator, does not properly manage session information, which has an unspecified impact related to "unintended other requests." | 5.0 |
2007-04-03 | CVE-2007-1853 | Local Information Disclosure vulnerability in Multiple Hitachi JP1/HiCommand Products: Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors. | 5.0 |
2007-04-03 | CVE-2007-1850 | Directory Traversal vulnerability in Drake CMS: Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. | 5.0 |
2007-04-03 | CVE-2007-1848 | Cross-Site Scripting vulnerability in Drake Team Drake CMS 0.3.7/0.3.7Beta: Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. | 4.3 |
2007-04-03 | CVE-2007-1843 | Code Injection vulnerability in Maptools MapLab 2.2.1: PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter. | 6.8 |
2007-04-03 | CVE-2007-1840 | HTML Injection vulnerability in LDAP Account Manager: lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS). | 4.3 |
2007-04-03 | CVE-2007-1835 | Unspecified vulnerability in PHP: PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. | 4.6 |
2007-04-03 | CVE-2007-1833 | Remote Denial Of Service vulnerability in Cisco Unified CallManager And Unified Server: The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. | 5.0 |