Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2007-1180 | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact. network web-app-org | 4.3 |
2007-03-02 | CVE-2007-1179 | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks. | 5.0 |
2007-03-02 | CVE-2007-1177 | Cross-Site Scripting vulnerability in WebAPP WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS). network web-app-org | 5.8 |
2007-03-02 | CVE-2007-1176 | Cross-Site Scripting vulnerability in WebAPP Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. network web-app-org | 4.3 |
2007-03-02 | CVE-2007-1175 | Cross-Site Scripting vulnerability in WebAPP Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network web-app-org | 4.3 |
2007-03-02 | CVE-2007-1174 | Remote vulnerability in Webapp.Org Webapp Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. network web-app-org | 4.3 |
2007-03-02 | CVE-2007-1172 | SQL-Injection vulnerability in Nukescripts Nukesentinel 2.5.05 SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit." | 6.4 |
2007-03-02 | CVE-2007-1170 | Games Denial Of Service vulnerability in SimBin Development Team SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port. | 5.0 |
2007-03-02 | CVE-2007-1169 | Remote Security vulnerability in Trend Micro Serverprotect 1.2520070216 The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network. | 5.0 |
2007-03-02 | CVE-2007-1167 | Information Exposure vulnerability in Dzcp Dev!L'Z Clanportal inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter. | 5.0 |