Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-03 | CVE-2007-1240 | Cross-Site Scripting vulnerability in Docebo 3.0.3/3.0.4/3.0.5 Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. | 4.3 |
2007-03-03 | CVE-2007-1239 | Denial Of Service vulnerability in Microsoft Excel 2003 Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference. network microsoft | 4.3 |
2007-03-03 | CVE-2007-1238 | Resource Management Errors vulnerability in Microsoft Office 2003 Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file. | 4.3 |
2007-03-03 | CVE-2007-1237 | Information Exposure vulnerability in BJ Sintay Sitex 0.7.3 sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error. | 5.0 |
2007-03-03 | CVE-2007-1236 | Information Disclosure vulnerability in SiteX sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages. | 6.4 |
2007-03-03 | CVE-2007-1234 | Cross-Site Scripting vulnerability in BJ Sintay Sitex 0.7.3 Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php. | 4.3 |
2007-03-03 | CVE-2007-1232 | Local File Include vulnerability in Sqlite Manager Sqlite Manager 1.2 Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. | 5.1 |
2007-03-03 | CVE-2007-1231 | Cross-Site Scripting vulnerability in Sqlitemanager 1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files. | 4.3 |
2007-03-03 | CVE-2006-7099 | Local File Include vulnerability in Solarpay . Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. | 5.0 |
2007-03-03 | CVE-2006-7098 | Permissions, Privileges, and Access Controls vulnerability in Debian Apache 1.3.34.4 The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl. | 6.6 |