Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-12 | CVE-2007-1419 | Local Unauthorized Access vulnerability in SUN Java Dynamic Management KIT 5.1: The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user. | 4.3 |
2007-03-12 | CVE-2007-1418 | Cross-Site Scripting vulnerability in Mindtouch Dekiwiki Gooseberry: Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. [network, mindtouch] | 4.3 |
2007-03-10 | CVE-2007-1411 | Local Buffer Overflow vulnerability in PHP MSSQL_Connect: Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions. [network, php] | 6.8 |
2007-03-10 | CVE-2007-1409 | Information Disclosure vulnerability in WordPress: WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. | 5.0 |
2007-03-10 | CVE-2007-1405 | Cross-Site Scripting vulnerability in Trac Download Function: Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. [network, edgewall-software] | 4.3 |
2007-03-10 | CVE-2007-1401 | Local Security vulnerability in PHP 4.4.6: Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. [local, php] | 6.9 |
2007-03-10 | CVE-2007-1400 | Unspecified vulnerability in Plesh: Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same terminal via the TIOCSTI ioctl. [local, plesh] | 6.9 |
2007-03-10 | CVE-2007-1396 | Unspecified vulnerability in PHP: The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. [network, php] | 6.8 |
2007-03-10 | CVE-2007-1395 | Cross-Site Scripting vulnerability in phpMyAdmin: Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase `</SCRIPT>` end tag, which bypasses the protection against lowercase `</script>`. [network, phpmyadmin] | 4.3 |
2007-03-10 | CVE-2007-1392 | Local File Include vulnerability in Netforo 0.1: Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. | 5.0 |