Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2007-02-06 | CVE-2007-0798 | HTML Injection and SQL Injection vulnerability in Uapplication Ublog Reload 1.0.5 | Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp. | network, uapplication | 4.3 |
| 2007-02-06 | CVE-2007-0791 | HTML Injection And Information disclosure vulnerability in Mozilla Bugzilla | Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, mozilla | 4.3 |
| 2007-02-06 | CVE-2007-0788 | HTML Injection vulnerability in Mediawiki 1.9.0/1.9.1 | Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript." | network, mediawiki | 4.3 |
| 2007-02-06 | CVE-2007-0787 | Local File Include vulnerability in Simple Invoices Simple Invoices 20070202 | PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. | network, simple-invoices | 6.8 |
| 2007-02-06 | CVE-2007-0768 | HTML Injection vulnerability in Yahoo! Messenger Notification Message | Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. | network, yahoo | 4.3 |
| 2007-02-06 | CVE-2007-0764 | File-Upload vulnerability in F3Site 2.1 | Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php. | network, low complexity, f3site | 6.5 |
| 2007-02-06 | CVE-2007-0763 | HTML Injection vulnerability in F3Site 2.1 | Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field. | network, f3site | 6.8 |
| 2007-02-06 | CVE-2007-0453 | Remote Buffer Overflow vulnerability in Samba NSS host lookup Winbind | Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. | local, low complexity, samba | 4.6 |
| 2007-02-06 | CVE-2007-0452 | Denial of Service vulnerability in Samba Deferred CIFS File Open | smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. | network, low complexity, samba | 6.8 |
| 2007-02-06 | CVE-2007-0556 | Information Disclosure and Denial of Service vulnerability in PostgreSQL | The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | network, high complexity, postgresql | 6.6 |