Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-07 CVE-2007-1293 SQL injection vulnerability in Rigter Portal System Rigter Portal System 6.2
SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.
5.8
2007-03-07 CVE-2007-1291 Cross-Site Scripting vulnerability in Tyger Bug Tracking System 1.1.3
Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.
network
tyger
5.8
2007-03-07 CVE-2007-1289 Input Validation vulnerability in Tyger Bug Tracking System 1.1.3
SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
network
low complexity
tyger
6.4
2007-03-07 CVE-2006-7137 Cross-Site Scripting vulnerability in Tiny Portal
Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.
network
tiny-portal
4.3
2007-03-06 CVE-2007-1287 Cross-Site Scripting vulnerability in PHP
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
network
php
4.3
2007-03-06 CVE-2007-1286 Integer Overflow vulnerability in PHP ZVAL Reference Counter
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
network
php
6.8
2007-03-06 CVE-2007-1269 Unspecified vulnerability in GNU GNUMail 1.1.2
GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
network
low complexity
gnu
5.0
2007-03-06 CVE-2007-1268 Unspecified vulnerability in Mutt
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
network
low complexity
mutt
5.0
2007-03-06 CVE-2007-1267 Unspecified vulnerability in Sylpheed
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
network
low complexity
sylpheed
5.0
2007-03-06 CVE-2007-1266 Unspecified vulnerability in Gnome Evolution
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
network
low complexity
gnome
5.0