Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-22 | CVE-2007-1606 | Cross-Site Scripting vulnerability in W-Agora 4.2.1: Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. network w-agora | 4.3 |
2007-03-22 | CVE-2007-1605 | Input Validation vulnerability in W-Agora 4.2.1: w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. | 5.0 |
2007-03-22 | CVE-2007-1599 | Information Disclosure vulnerability in Wordpress 2.1.2: wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | 6.5 |
2007-03-22 | CVE-2007-1598 | Remote Stack Buffer Overflow vulnerability in Intervations Filecopa 1.01: Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. network intervations | 6.8 |
2007-03-22 | CVE-2007-1597 | Information Disclosure vulnerability in Unclassified Newsboard Unclassified Newsboard 1.6.3: Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log. | 5.0 |
2007-03-22 | CVE-2007-0240 | HTML Injection vulnerability in Zope HTTP Get Request: Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request. network zope | 4.3 |
2007-03-21 | CVE-2007-1585 | Information Disclosure vulnerability in Linksys Wag200G and Wrt54Gc: The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. | 5.0 |
2007-03-21 | CVE-2007-1584 | Remote Security vulnerability in PHP 5.2.0: Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. network php | 6.8 |
2007-03-21 | CVE-2007-1583 | Unspecified vulnerability in PHP: The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. network php | 6.8 |
2007-03-21 | CVE-2007-1582 | Unspecified vulnerability in PHP: The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. network php | 6.8 |