Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-05 | CVE-2007-0718 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple QuickTime: Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists. | 5.8 |
2007-03-05 | CVE-2007-0717 | Code Execution vulnerability in Apple QuickTime: Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | 5.8 |
2007-03-05 | CVE-2007-0716 | Code Execution vulnerability in Apple QuickTime: Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | 5.8 |
2007-03-05 | CVE-2007-0715 | Code Execution vulnerability in Apple QuickTime: Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. | 5.8 |
2007-03-05 | CVE-2007-0713 | Code Execution vulnerability in Apple QuickTime: Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. | 5.8 |
2007-03-05 | CVE-2007-1276 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | 4.3 |
2007-03-05 | CVE-2006-7110 | Unspecified vulnerability in Drupal IMCE Module: Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | 5.5 |
2007-03-05 | CVE-2006-7109 | File-Upload vulnerability in IMCE Module: Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | 6.5 |
2007-03-04 | CVE-2006-7108 | Permissions, Privileges, and Access Controls vulnerability in Andries Brouwer Util-Linux 2.12A: login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. | 4.1 |
2007-03-03 | CVE-2006-7100 | Code Injection vulnerability in phpBB Insert User: PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 6.8 |