Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-30 | CVE-2007-1677 | Buffer Overflow vulnerability in NetBSD ISO(4) Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function. | 6.6 |
2007-03-30 | CVE-2007-1349 | Improper Input Validation vulnerability in multiple products PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. | 5.0 |
2007-03-29 | CVE-2006-4843 | HTML Injection vulnerability in IBM Lotus Domino Web Access Email Message Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. network ibm | 4.3 |
2007-03-28 | CVE-2007-1738 | Local Privilege Escalation vulnerability in TrueCrypt Mount Set-EUID TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589. local truecrypt-foundation | 6.9 |
2007-03-28 | CVE-2007-1730 | Local Information Disclosure vulnerability in Linux Kernel 2.6.20/2.6.20.1/2.6.20.2 Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value. | 6.6 |
2007-03-28 | CVE-2007-1727 | Remote Unauthorized Access vulnerability in HP OpenView Network Node Manager Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | 6.5 |
2007-03-28 | CVE-2007-1726 | Remote PHP Code Execution vulnerability in Icebb 1.0Rc5 Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. | 6.5 |
2007-03-28 | CVE-2007-1723 | Cross-Site Scripting vulnerability in Ciphertrust Ironmail 6.1.1 Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do. | 6.8 |
2007-03-28 | CVE-2007-1717 | Unspecified vulnerability in PHP The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. | 5.0 |
2007-03-27 | CVE-2006-7176 | Localhost.Localdomain Email Spoofing vulnerability in Sendmail 8.13.1.2 The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. | 4.3 |