Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2007-03-16 | CVE-2007-1490 | Remote Security vulnerability in Communication Manager | 6.0
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
network, avaya

2007-03-16 | CVE-2007-1489 | Cross-Site Request Forgery (CSRF) vulnerability in Web-App.Org Webapp 0.9.9.4/0.9.9.5/0.9.9.6 | 6.8
Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.

2007-03-16 | CVE-2007-1487 | Local File Include vulnerability in Cyber-Inside WebLog | 5.0
Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a ..
network, low complexity, cyber-inside, cyberteddy, sascha-schroeder

2007-03-16 | CVE-2007-1484 | Unspecified vulnerability in PHP | 4.6
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.
local, low complexity, php

2007-03-16 | CVE-2007-1482 | Cross-Site Scripting vulnerability in Liqua Wbblog | 4.3
Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd.
network, liqua, CWE-79

2007-03-16 | CVE-2007-1479 | Cross-Site Scripting vulnerability in Creative Guestbook Creative Guestbook 1.0 | 4.3
Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

2007-03-16 | CVE-2007-1478 | Improper Input Validation vulnerability in Mcgallery 0.5B | 5.0
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter.
network, low complexity, mcgallery, CWE-20

2007-03-16 | CVE-2007-1475 | Remote Buffer Overflow vulnerability in PHP Interbase Extension | 5.4
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.
php

2007-03-16 | CVE-2007-1474 | Unspecified vulnerability in Horde Application Framework and IMP | 6.8
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
network, horde

2007-03-16 | CVE-2007-1473 | Cross-Site Scripting vulnerability in Horde Framework Login.PHP | 4.3
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
network, horde