Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-06 | CVE-2007-1264 | Unspecified vulnerability in Enigmail Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
2007-03-06 | CVE-2007-1263 | GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. | 5.0 |
2007-03-06 | CVE-2006-7127 | Code Injection vulnerability in Salims Softhouse JAF CMS 4.0 Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php. | 6.8 |
2007-03-06 | CVE-2006-7126 | SQL-Injection vulnerability in Joomla BSQ Sitestats 1.8.0/2.1.1 SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF. network joomla | 6.8 |
2007-03-06 | CVE-2006-7125 | Cross-Site Scripting vulnerability in Joomla BSQ Sitestats 1.8.0/2.1.1 Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics. network joomla | 6.8 |
2007-03-06 | CVE-2006-7122 | Cross-Site Scripting vulnerability in Joomla BSQ Sitestats 1.8.0 Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. network joomla | 6.8 |
2007-03-06 | CVE-2006-7117 | Path Traversal vulnerability in Kubix Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php. | 6.8 |
2007-03-06 | CVE-2006-7114 | Permissions, Privileges, and Access Controls vulnerability in Planerd.Net P-News P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. | 5.0 |
2007-03-06 | CVE-2006-7112 | Path Traversal vulnerability in Maxdev Mdpro Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it. | 6.0 |
2007-03-06 | CVE-2007-0994 | Code Injection vulnerability in multiple products A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. | 6.8 |