Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-21 | CVE-2007-1049 | Cross-Site Scripting vulnerability in Wordpress: Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | 4.3 |
2007-02-21 | CVE-2007-1046 | Remote Security vulnerability in Dem Trac: Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt. | 5.0 |
2007-02-21 | CVE-2007-1044 | Information Exposure vulnerability in Pearson Education Powerschool 4.3.6: Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2. | 5.0 |
2007-02-21 | CVE-2007-1042 | Path Traversal vulnerability in Xpression News Xpression News 1.0.1: Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. | 5.8 |
2007-02-21 | CVE-2007-1038 | Denial of Service vulnerability in Grabit Field Handling: Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. | 5.0 |
2007-02-21 | CVE-2007-1032 | Remote Security vulnerability in phpMyFAQ: Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." Successful exploitation requires that "register_globals" is enabled. | 6.8 |
2007-02-21 | CVE-2007-1031 | Path Traversal vulnerability in Spoonlabs Vivvo Article Management CMS 3.4: Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter. | 6.8 |
2007-02-21 | CVE-2007-1028 | HTML Injection vulnerability in Barry Jaspan Image Pager 4.7/5.0: Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element. | 6.8 |
2007-02-21 | CVE-2007-1027 | Link Following vulnerability in IBM DB2 9.0: Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | 4.4 |
2007-02-21 | CVE-2007-1020 | Remote File Include vulnerability in Cedstat 1.31: Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter. | 6.8 |