Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-02-08 CVE-2006-2219 Improper Input Validation vulnerability in PHPbb Group PHPbb 2.0.20
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
network, low complexity, phpbb-group CWE-20, 5.0

2007-02-08 CVE-2007-0840 Cross Site Scripting vulnerability in Hlstats 1.34
Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class.
network, hlstats, 6.8

2007-02-08 CVE-2007-0838 Denial of Service vulnerability in Freeproxy 3.92
FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.
network, low complexity, freeproxy, 5.0

2007-02-08 CVE-2007-0836 Remote And Local File Include vulnerability in Coppermine Photo Gallery
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields.
network, low complexity, coppermine, 4.0

2007-02-08 CVE-2007-0835 Unspecified vulnerability in Coppermine Photo Gallery
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command.
network, low complexity, coppermine, 6.5

2007-02-07 CVE-2007-0834 Cross-Site Scripting vulnerability in Darrens 5-Dollar Script Archive Flashchat 4.7.8
Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807.
6.8

2007-02-07 CVE-2007-0829 Unspecified vulnerability in Alwil Avast Antivirus
avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
local, alwil, 4.4

2007-02-07 CVE-2007-0827 Remote Code Execution vulnerability in Alipay Password Input ActiveX Control
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
network, alibaba, 6.8

2007-02-07 CVE-2007-0821 Remote File Include vulnerability in Cedric Claire Portailphp 2
Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a ..
network, low complexity, cedric, 5.0

2007-02-07 CVE-2007-0817 Cross-Site Scripting vulnerability in Adobe Coldfusion 6.1/7.0.1/7.0.2
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
network, adobe, 4.3