Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-27 CVE-2007-1714 Cross-Site Scripting vulnerability in Cccounter 2.0
Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
network
cccounter
6.8
2007-03-27 CVE-2007-1713 Unspecified vulnerability in B21Soft Basp21 2003.0211
CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines.
network
low complexity
b21soft
6.4
2007-03-27 CVE-2007-1711 Unspecified vulnerability in PHP 4.4.5/4.4.6
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION.
network
php
6.8
2007-03-27 CVE-2007-1710 Security Bypass vulnerability in PHP 4.4.4/5.1.6/5.2.1
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded by a "php://../../" sequence.
local
low complexity
php
4.3
2007-03-27 CVE-2007-1709 Buffer Errors vulnerability in PHP 5.2.1
Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.
local
low complexity
php CWE-119
4.3
2007-03-27 CVE-2007-1702 Remote File Include vulnerability in Mambo FlatMenu Module MosConfig_Absolute_Path
PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
mambo
6.8
2007-03-27 CVE-2007-1701 Deserialization of Untrusted Data vulnerability in PHP
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".
network
php CWE-502
6.8
2007-03-27 CVE-2007-1698 Remote And Local File Include vulnerability in Philex
download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter.
network
low complexity
philex
5.0
2007-03-26 CVE-2007-1678 HTML Injection vulnerability in Fizzle 0.5
Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler.
network
fizzle
4.3
2007-03-24 CVE-2007-1651 Cross-Site Request Forgery vulnerability in OpenID
Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site.
network
openid
6.8