Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-26 | CVE-2007-1110 | Local File Include vulnerability in Activecalendar 1.2.0 Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-02-26 | CVE-2007-1109 | Cross-Site Scripting vulnerability in PHPwebgallery Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. | 4.3 |
| 2007-02-26 | CVE-2007-1108 | Remote File Include vulnerability in CS-Gallery PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. network cs-gallery | 6.8 |
| 2007-02-26 | CVE-2007-1106 | Remote File Include vulnerability in Nomoketos Rules Nomoketos Rules 0.0.1 PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. network nomoketos-rules | 6.8 |
| 2007-02-26 | CVE-2007-1105 | Remote File Include vulnerability in Extreme PHPbb Extreme PHPbb 3.0.1 PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 5.0 |
| 2007-02-26 | CVE-2007-1104 | Remote File Include vulnerability in PHP MIP PHP MIP 0.1 PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter. network php-mip | 4.3 |
| 2007-02-26 | CVE-2007-1103 | Remote Security vulnerability in Tor Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations. network tor | 4.3 |
| 2007-02-26 | CVE-2007-1102 | Information Disclosure vulnerability in Photostand 1.2.0 Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages. | 5.0 |
| 2007-02-26 | CVE-2007-1101 | Cross-Site Scripting vulnerability in Photostand 1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php. | 4.3 |
| 2007-02-26 | CVE-2007-1095 | Unspecified vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. network mozilla | 6.8 |