DATE CVE VULNERABILITY TITLE RISK
2007-03-07  CVE-2006-7158  Cross-Site Scripting vulnerability in Oracle Apex 2.0/2.1/2.2  4.3
Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter.
network, oracle

2007-03-07  CVE-2006-7154  Remote Security vulnerability in Iono  5.0
Iono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/.
network, low complexity, iono

2007-03-07  CVE-2006-7151  Unspecified vulnerability in GNU Libtool-Ltdl 1.5.222.3  6.6
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
local, redhat, gnu

2007-03-07  CVE-2006-7149  Cross-Site Scripting vulnerability in Mambo 4.6/4.6.1  4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
network, mambo

2007-03-07  CVE-2006-7147  Code Injection vulnerability in PHPbb Import Tools 0.1.3/0.1.4  6.8
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
network, phpbb, CWE-94

2007-03-07  CVE-2006-7145  Input Validation and Information Disclosure vulnerability in Call-Center-Software  5.5
edit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter.
network, low complexity, call-center-software

2007-03-07  CVE-2006-7143  Cross-Site Scripting vulnerability in Call-Center-Software  5.8
Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field.

2007-03-07  CVE-2006-7140  Remote Security vulnerability in Solaris  5.8
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
network, sun

2007-03-07  CVE-2006-7138  SQL Injection vulnerability in Oracle Apex 2.0/2.1  6.0
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter.
network, oracle, CWE-89

2007-03-07  CVE-2007-1308  Resource Management Errors vulnerability in KDE Konqueror 3.5.5  4.3
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
network, kde, CWE-399