Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-20 CVE-2007-1527 Unspecified vulnerability in Microsoft Windows Vista
The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack.
network
low complexity
microsoft
5.0
2007-03-20 CVE-2007-1526 Remote Security vulnerability in Sun Java System Web Server 6.1
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
network
sun
6.0
2007-03-20 CVE-2007-1525 Remote PHP Code Execution vulnerability in Dayfox Designs Dayfox Blog 4
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
network
dayfox-designs
6.8
2007-03-20 CVE-2007-1524 Local File Include vulnerability in Zomplog 3.7.6
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a ..
network
low complexity
zomplog
5.0
2007-03-20 CVE-2007-1522 Unspecified vulnerability in PHP 5.2.0/5.2.1
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.
network
php
6.8
2007-03-20 CVE-2007-1521 Unspecified vulnerability in PHP
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.
network
php
6.8
2007-03-20 CVE-2007-0607 Remote Security vulnerability in W-Agora 4.2.1
W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.
network
w-agora
4.3
2007-03-20 CVE-2007-1516 Remote File Include vulnerability in Cicoandcico Ccmail 1.0.1
PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.
network
cicoandcico
6.8
2007-03-20 CVE-2007-1515 Input Validation vulnerability in Horde IMP Webmail Client
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php.
network
horde
4.3
2007-03-20 CVE-2007-1514 Remote File Include vulnerability in Viperweb Portal 0.1Alpha
PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter.
network
viperweb
6.8