Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-12 | CVE-2007-0885 | Cross-Site Scripting vulnerability in Atlassian JIRA BrowseProject.JSPA Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. network rainbow-portal | 6.8 |
2007-02-12 | CVE-2007-0883 | Directory Traversal vulnerability in IP3 NetAccess Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-02-12 | CVE-2007-0881 | Remote File Include vulnerability in Openi-Cms Group Openi-Cms 1.0 PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. network openi-cms-group | 6.8 |
2007-02-12 | CVE-2007-0877 | Denial of Service vulnerability in March Networks Digital Video Recorders Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. | 5.0 |
2007-02-12 | CVE-2007-0876 | Cross-Site Scripting vulnerability in Qdig QWD Variable Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. network qdig | 4.3 |
2007-02-12 | CVE-2007-0874 | Authentication Bypass vulnerability in Allons Voter Allons Voter 1.0 Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. network allons-voter | 6.8 |
2007-02-12 | CVE-2007-0872 | Directory Traversal vulnerability in Plain OLD Webserver Plain OLD Webserver 0.0.7/0.0.8 Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-02-12 | CVE-2006-7002 | Cross-Site Scripting vulnerability in Wheatblog 1.1 Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. network wheatblog | 4.3 |
2007-02-12 | CVE-2006-7000 | Remote Security vulnerability in Deskpro 2.0.0/2.0.1 Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages. | 5.0 |
2007-02-12 | CVE-2006-6999 | Information Exposure vulnerability in Headstart Solutions Deskpro 2.0.0/2.0.1 attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter. | 4.3 |