Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2006-7083 | Directory Traversal vulnerability in Rigter Portal System 1.0/2.0/3.0 Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter. network rigter-portal-system | 4.3 |
2007-03-02 | CVE-2006-7080 | Input Validation vulnerability in EXV2 Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. network exv2 | 4.3 |
2007-03-02 | CVE-2006-7078 | Cross-Site Scripting vulnerability in Professional Home Page Tools Login Script Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. | 4.3 |
2007-03-02 | CVE-2006-7077 | SQL-Injection vulnerability in PHPbb Group PHPbb Advanced Guestbook 2.4.0 SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter. network phpbb-group | 6.8 |
2007-03-02 | CVE-2006-7076 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb Advanced Guestbook 2.4.0 Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. network phpbb-group | 4.3 |
2007-03-02 | CVE-2006-7075 | Remote Security vulnerability in Aqualung 0.9Beta5 Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file. network aqualung | 6.8 |
2007-03-02 | CVE-2006-7073 | Cross-Site Scripting vulnerability in Attachment Mod Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. network opentools | 4.3 |
2007-03-02 | CVE-2006-7072 | Cross-Site Scripting vulnerability in Geodesicsolutions Geoclassifieds Enterprise 2.0.5.0/2.0.5.1/2.0.5.2 Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php. network geodesicsolutions | 4.3 |
2007-03-02 | CVE-2006-7067 | Local Security vulnerability in Oracle Database Server 10.2.1 Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. | 6.0 |
2007-03-02 | CVE-2006-7065 | Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. | 5.0 |