Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-02 | CVE-2007-1803 | Improper Input Validation vulnerability in MailDwarf: Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses. | 5.0 |
2007-04-02 | CVE-2007-1802 | Input Validation vulnerability in MailDwarf: Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. (network, maildwarf) | 6.8 |
2007-04-02 | CVE-2007-1799 | Remote Directory Traversal Variant vulnerability in KTorrent 2.1.1/2.1.2: Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384. | 6.4 |
2007-04-02 | CVE-2007-1797 | Numeric Errors vulnerability in ImageMagick: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. | 6.8 |
2007-04-02 | CVE-2007-1793 | Improper Input Validation vulnerability in Symantec products: SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. | 4.9 |
2007-03-31 | CVE-2007-1790 | Code Injection vulnerability in Kaqoo Auction Software: Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php. | 6.8 |
2007-03-31 | CVE-2007-1789 | Security Bypass And Information Disclosure vulnerability in Flyspray 0.9.9: Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests. (network, flyspray) | 6.8 |
2007-03-31 | CVE-2007-1788 | Security Bypass And Information Disclosure vulnerability in Flyspray 0.9.9: Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request. (network, flyspray) | 6.8 |
2007-03-31 | CVE-2007-1786 | Products Unspecified SQL Injection vulnerability in Hitachi: SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. (network, hitachi) | 6.8 |
2007-03-30 | CVE-2006-7184 | Remote File Include vulnerability in Exhibit Engine Toroot Parameter: Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. (network, photography-on-the-net) | 6.8 |