Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-13 CVE-2007-0721 Applications Multiple vulnerability in Apple Mac OS X
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
network
apple
6.8
2007-03-13 CVE-2007-0720
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
network
low complexity
cups apple
5.0
2007-03-13 CVE-2007-0719 Applications Multiple vulnerability in Apple Mac OS X
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
network
apple
6.8
2007-03-13 CVE-2007-1433 Cross-Site Scripting vulnerability in Grayscale Blog
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
network
grayscale
4.3
2007-03-13 CVE-2007-1427 Directory Traversal vulnerability in AssetMan PDF_File Parameter
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a ..
network
low complexity
assetman
5.0
2007-03-12 CVE-2007-1419 Local Unauthorized Access vulnerability in SUN Java Dynamic Management KIT 5.1
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user.
local
low complexity
sun
4.3
2007-03-12 CVE-2007-1418 Cross-Site Scripting vulnerability in Mindtouch Dekiwiki Gooseberry
Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
network
mindtouch
4.3
2007-03-10 CVE-2007-1411 Local Buffer Overflow vulnerability in PHP MSSQL_Connect
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
network
php
6.8
2007-03-10 CVE-2007-1409 Information Disclosure vulnerability in WordPress
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
network
low complexity
wordpress
5.0
2007-03-10 CVE-2007-1405 Cross-Site Scripting vulnerability in Trac Download Function
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
4.3