Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2007-02-27 | CVE-2007-1132 | Cross-Site Scripting vulnerability in Mtcms 2.2 | Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields. | network, mtcms, CWE-79 | 4.3 |
| 2007-02-27 | CVE-2007-1128 | Denial-Of-Service vulnerability in Watersweb Shops Shop KIT Plus Initial | shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. | network, low complexity, watersweb-shops | 5.0 |
| 2007-02-27 | CVE-2007-1127 | Local File Include vulnerability in Watersweb Shops Shop KIT Plus Initial | Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. | network, low complexity, watersweb-shops | 6.4 |
| 2007-02-27 | CVE-2007-1125 | Cross-Site Scripting vulnerability in Simple One-File Gallery | Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter. | network, xeroxer | 4.3 |
| 2007-02-27 | CVE-2007-1124 | Input Validation vulnerability in Simple One-File Gallery | Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. | network, low complexity, xeroxer | 5.0 |
| 2007-02-27 | CVE-2007-1122 | SQL-Injection vulnerability in Address Book Continued 1.00/1.01 | Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. | network, low complexity, zephyrsoft-toolbox | 6.4 |
| 2007-02-27 | CVE-2007-1121 | SQL Injection vulnerability in ZephyrSoft Toolbox Address Book Continued 1.00/1.01 | Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. | network, low complexity, zephyrsoft-toolbox | 6.4 |
| 2007-02-27 | CVE-2007-1119 | Unspecified vulnerability in Novell Zenworks 7 | Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. | network, low complexity, novell | 6.4 |
| 2007-02-27 | CVE-2007-1118 | Remote File Include vulnerability in EFiction | Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. | network, efiction | 6.8 |
| 2007-02-27 | CVE-2007-0996 | Remote vulnerability in Mozilla Thunderbird/SeaMonkey/Firefox | The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | network, mozilla | 5.8 |