Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
---|---|---|---|---|---|
2007-03-10 | CVE-2007-1375 | Integer Overflow vulnerability in PHP 5 Substr_Compare | Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. | | 5.0 |
2007-03-10 | CVE-2007-1374 | HTML Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06 | Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. | network snitz-communications | 4.3 |
2007-03-10 | CVE-2007-1371 | Remote vulnerability in Radscan Conquest | Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933. | local radscan | 6.9 |
2007-03-10 | CVE-2007-0005 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Omnikey.Aaitg Omnikey Cardman 4040 | Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges. | | 6.9 |
2007-03-10 | CVE-2006-7163 | Local Authentication Bypass vulnerability in Dreameesoft Password Master 1.0 | DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. | local dreameesoft | 6.9 |
2007-03-09 | CVE-2007-1370 | Unspecified vulnerability in Zend Platform 2.2.1A | Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. | | 6.2 |
2007-03-09 | CVE-2007-1369 | Unspecified vulnerability in Zend Platform | ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc. | local zend | 4.4 |
2007-03-09 | CVE-2007-1367 | Remote Code Execution vulnerability in Avaya Communications Manager Javascript | Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. | network avaya | 4.3 |
2007-03-08 | CVE-2007-1361 | Cross-Site Scripting vulnerability in VirtueMart | Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network virtuemart | 4.3 |
2007-03-08 | CVE-2007-1360 | Unspecified vulnerability in Drupal Nodefamily 5.11.0 | Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters. | network drupal | 6.0 |