Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2007-1142 | Cross-Site Scripting vulnerability in Reamday Enterprises Magic News Plus 1.0.2 Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. | 4.3 |
2007-03-02 | CVE-2007-1138 | Path Traversal vulnerability in Cromosoft Simple Plantilla PHP Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter. | 5.0 |
2007-03-02 | CVE-2007-1137 | Unspecified vulnerability in Sourceforge Putmail putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. | 5.0 |
2007-03-02 | CVE-2007-1136 | Improper Input Validation vulnerability in Webmplayer index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. | 6.8 |
2007-03-02 | CVE-2007-1135 | Input Validation vulnerability in WebMplayer Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. | 6.8 |
2007-03-02 | CVE-2007-0001 | Local Denial of Service vulnerability in Redhat Enterprise Linux 4.0 The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. | 4.7 |
2007-03-02 | CVE-2006-7090 | Code Injection vulnerability in PHPbb Security PHPbb Security PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter. | 6.8 |
2007-03-02 | CVE-2006-7087 | Unspecified vulnerability in Dotdeb PHP CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable. | 5.0 |
2007-03-02 | CVE-2006-7086 | Information Exposure vulnerability in Mrcgiguy HOT Links The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. | 4.3 |
2007-03-02 | CVE-2006-7085 | Cross-Site Scripting vulnerability in Rigter Portal System 1.0/2.0/3.0 Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. | 4.3 |