Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-08 CVE-2007-1359 Unspecified vulnerability in MOD Security MOD Security
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl and Python.
network
mod-security
6.8
2007-03-08 CVE-2007-1350 Buffer Overflow vulnerability in Novell Netmail 3.5.2
Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
network
novell
6.8
2007-03-08 CVE-2007-1346 Remote Unauthorized Access vulnerability in Sun Ipmitool Interface
Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.
local
sun
6.6
2007-03-08 CVE-2007-1342 HTML Injection vulnerability in RETIRED: VBulletin Event Admincp/Index.PHP RSS
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
network
jelsoft
4.3
2007-03-08 CVE-2007-1341 Unspecified vulnerability in Simple Invoices Simple Invoices 20061211/20070125/20070202
include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
network
low complexity
simple-invoices
5.0
2007-03-07 CVE-2007-1331 Unspecified vulnerability in TKS Banking Solutions Eportfolio 1.0
Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program.
4.3
2007-03-07 CVE-2007-1330 Local Protection Mechanism Bypass vulnerability in Comodo Firewall PRO 2.4.16.174/2.4.17.183/2.4.18.184
Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times.
local
comodo
4.4
2007-03-07 CVE-2007-1328 Cross-Site Scripting vulnerability in Bj Webring
Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu.
network
bernard-joly
4.3
2007-03-07 CVE-2006-7160 Improper Input Validation vulnerability in Agnitum Outpost Firewall
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.
local
low complexity
agnitum CWE-20
4.9
2007-03-07 CVE-2006-7159 Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.
network
low complexity
bti-tracker btitracker
6.4