Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-21 CVE-2007-1562 Information Exposure vulnerability in multiple products
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
6.8
2007-03-21 CVE-2007-1464 Unspecified vulnerability in Inkscape
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
network
inkscape
6.8
2007-03-21 CVE-2007-1463 Unspecified vulnerability in Inkscape
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
network
ubuntu inkscape
6.8
2007-03-21 CVE-2007-0606 Information Disclosure vulnerability in W-Agora 4.2.1
w-agora 4.2.1 allows remote attackers to obtain sensitive information via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.
network
low complexity
w-agora
5.0
2007-03-21 CVE-2007-1560 Remote Denial of Service vulnerability in Squid Proxy TRACE Request
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
network
low complexity
squid
5.0
2007-03-20 CVE-2007-1554 Remote Security vulnerability in Guestbara 1.2
Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters.
network
guestbara
6.8
2007-03-20 CVE-2007-1553 Remote Security vulnerability in Guestbara
admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters.
network
low complexity
guestbara
5.0
2007-03-20 CVE-2007-1551 Cross-Site Scripting vulnerability in PHPx 3.5.15
Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php.
network
phpx
4.3
2007-03-20 CVE-2007-1549 Input Validation vulnerability in PHPX
Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory.
network
phpx
6.8
2007-03-20 CVE-2007-1546 Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A
Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.
network
low complexity
mandrakesoft radscan
5.0