Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-13 | CVE-2007-0907 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | 5.0 |
| 2007-02-13 | CVE-2007-0902 | Cross-Site Scripting vulnerability in Moinmoin 1.5.7 Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. | 5.0 |
| 2007-02-13 | CVE-2007-0901 | Cross-Site Scripting vulnerability in Moinmoin 1.5.7 Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. network moinmoin | 4.3 |
| 2007-02-13 | CVE-2007-0896 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. | 4.3 |
| 2007-02-12 | CVE-2007-0894 | Information Disclosure vulnerability in Mediawiki MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. | 5.0 |
| 2007-02-12 | CVE-2007-0893 | Path Traversal vulnerability in Matthieu Aubry PHPmyvisites Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | 5.0 |
| 2007-02-12 | CVE-2007-0891 | Cross-Site Scripting vulnerability in Matthieu Aubry PHPmyvisites Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2007-02-12 | CVE-2007-0890 | Cross-Site Scripting vulnerability in CPanel PassWDMySQL Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. network cpanel | 4.3 |
| 2007-02-12 | CVE-2007-0889 | Information Disclosure vulnerability in Kiwi Cattools Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. | 4.6 |
| 2007-02-12 | CVE-2006-7004 | Cross-Site Scripting vulnerability in PSY Auction Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. network php-script-tools | 6.8 |