Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-21 | CVE-2007-1580 | Buffer Errors vulnerability in Ftpdmin 0.96 FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:". | 6.3 |
2007-03-21 | CVE-2007-1577 | Local File Include vulnerability in Geblog 0.1 Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. | 5.0 |
2007-03-21 | CVE-2007-1002 | Unspecified vulnerability in Evolution Shared Memo 2.8.2.1 Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | 6.8 |
2007-03-21 | CVE-2007-1576 | Cross-Site Scripting vulnerability in PHProjekt 5.2 Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files. | 4.3 |
2007-03-21 | CVE-2007-1574 | Remote Security vulnerability in CARE2X CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | 5.0 |
2007-03-21 | CVE-2007-1573 | SQL Injection vulnerability in Jelsoft Vbulletin 3.6.4 SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | 6.0 |
2007-03-21 | CVE-2007-1572 | SQL-Injection vulnerability in Jgbbs SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. | 6.8 |
2007-03-21 | CVE-2007-1571 | Remote Security vulnerability in Activist Mobilization Platform PHP remote file inclusion vulnerability in includes/base.php in Radical Designs Activist Mobilization Platform (AMP) 3.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | 6.8 |
2007-03-21 | CVE-2007-1564 | Information Exposure vulnerability in KDE Konqueror 3.5.5 The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | 6.8 |
2007-03-21 | CVE-2007-1563 | Information Exposure vulnerability in Opera Browser 9.10 The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | 6.8 |