Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-24 | CVE-2007-1646 | Cross-Site Scripting vulnerability in Subhub 2.3.0 Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe. network subhub | 4.3 |
| 2007-03-24 | CVE-2007-1642 | Information Disclosure vulnerability in Manageengine Firewall Analyzer 4.0 Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. | 4.0 |
| 2007-03-23 | CVE-2007-1639 | Unspecified vulnerability in PHPprojekt 5.2.0 Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files. | 4.6 |
| 2007-03-23 | CVE-2007-1638 | Cross-Site Request Forgery vulnerability in PHPprojekt 5.2.0 Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files. network phpprojekt | 6.8 |
| 2007-03-23 | CVE-2007-1625 | Cross-Site Scripting vulnerability in Realguestbook 5.01 Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. network realguestbook | 4.3 |
| 2007-03-23 | CVE-2007-1623 | Cross-Site Scripting vulnerability in Realguestbook 5.01 Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. network realguestbook | 4.3 |
| 2007-03-22 | CVE-2007-1611 | Cross-Site Scripting vulnerability in Sourcenext Ikanari Jijyou 1.0.0/1.0.1 Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. network sourcenext | 4.3 |
| 2007-03-22 | CVE-2007-1610 | HTML Injection vulnerability in NewsGlue RSS Feed Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. network glue-software | 4.3 |
| 2007-03-22 | CVE-2007-1609 | Cross-Site Scripting vulnerability in Oracle Application Server 10.1.2.0.0 Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. network oracle | 4.3 |
| 2007-03-22 | CVE-2007-1607 | Input Validation vulnerability in W-Agora 4.2.1 search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. | 5.0 |