Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-20 | CVE-2007-1513 | Remote File Include vulnerability in Grafx Company Website Builder PRO 1.9.8: PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. network grafx | 6.8 |
2007-03-20 | CVE-2007-1509 | Directory Traversal vulnerability in Holtstraeter Rot 13: Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. network holtstraeter | 4.3 |
2007-03-20 | CVE-2007-1508 | Cross-Site Scripting vulnerability in Jbmc Software Directadmin 1.293: Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. network jbmc-software | 4.3 |
2007-03-20 | CVE-2007-0998 | Permissions, Privileges, and Access Controls vulnerability in XEN Qemu: The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. | 4.3 |
2007-03-20 | CVE-2006-7171 | Improper Input Validation vulnerability in Koan Software Mega Mall: product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. | 5.0 |
2007-03-20 | CVE-2006-7169 | Remote File Include vulnerability in Ultimate PHP Board Header_simple.PHP: PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter. network ultimate-php-board | 6.8 |
2007-03-20 | CVE-2006-7166 | Unspecified vulnerability in IBM Websphere Application Server: IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." | 5.0 |
2007-03-20 | CVE-2006-7165 | Unspecified vulnerability in IBM Websphere Application Server: IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." network ibm | 4.3 |
2007-03-20 | CVE-2006-7164 | Information Disclosure vulnerability in Websphere Application Server: SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | 4.3 |
2007-03-19 | CVE-2007-1506 | Cross-Site Scripting vulnerability in Oracle Portal P_OldURL Parameter: Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. network oracle | 4.3 |