Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-02-04 CVE-2007-0707 Unspecified vulnerability in GOM Player GOM Player 2.0.12.3375
Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag.
network
gom-player
6.8
2007-02-04 CVE-2007-0700 Path Traversal vulnerability in Portail web PHP Portail web PHP 2.5.1.1
Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a ..
network
low complexity
portail-web-php CWE-22
5.0
2007-02-03 CVE-2007-0475 Multiple vulnerabilities in Smb4K
Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.
local
smb4k
4.4
2007-02-03 CVE-2007-0698 SQL-Injection vulnerability in Acgvannu
Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors.
network
mentiss-acgv
6.8
2007-02-03 CVE-2007-0697 Unspecified vulnerability in Mentiss Acgv Acgvannu
index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html.
network
low complexity
mentiss-acgv
6.4
2007-02-03 CVE-2007-0696 Cross-Site Scripting vulnerability in Free Lan Intra Internet Portal
Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.
6.8
2007-02-03 CVE-2007-0687 SQL Injection vulnerability in Michelles L2J DropCalc I-Search.PHP
SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.
network
low complexity
michelle
6.5
2007-02-03 CVE-2007-0676 SQL Injection vulnerability in Exophpdesk 1.2/1.2.1
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
exo
6.8
2007-02-03 CVE-2007-0670 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM AIX 5.2/5.3
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
local
low complexity
ibm CWE-119
4.6
2007-02-02 CVE-2007-0668 Local Denial of Service vulnerability in SUN Solaris 10.0
The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.
local
low complexity
sun
6.2