Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-02 | CVE-2007-1161 | Cross-Site Scripting vulnerability in Call Center Software Call Center Software 0.93 Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element. | 4.3 |
| 2007-03-02 | CVE-2007-1159 | Cross-Site Scripting vulnerability in Pyrophobia 2.1.3.1 Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2007-03-02 | CVE-2007-1158 | Local File Include vulnerability in Pagesetter 6.2/6.3.0 Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-03-02 | CVE-2007-1155 | Improper Input Validation vulnerability in Webspell Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. | 4.6 |
| 2007-03-02 | CVE-2007-1154 | SQL Injection vulnerability in Webspell SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | 6.8 |
| 2007-03-02 | CVE-2007-1152 | Path Traversal vulnerability in Pyrophobia 2.1.3.1 Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-03-02 | CVE-2007-1151 | Cross-Site Scripting vulnerability in Lovecms 1.4 Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. | 4.3 |
| 2007-03-02 | CVE-2007-1149 | Path Traversal vulnerability in Lovecms 1.4 Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-03-02 | CVE-2007-1145 | Cross-Site Scripting vulnerability in Kayako Esupport 3.00.13/3.04.10 Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. | 4.3 |
| 2007-03-02 | CVE-2007-1144 | Path Traversal vulnerability in Comscripts J-Web Pics Navigator 1.0/2.0 Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. | 5.0 |