Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-01 | CVE-2007-0650 | Remote Buffer Overflow vulnerability in Makeindex 2.14 Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. network makeindex | 6.8 |
| 2007-02-01 | CVE-2007-0649 | Code Injection vulnerability in Openemr Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. | 4.3 |
| 2007-02-01 | CVE-2007-0645 | Products Format String vulnerability in Apple Iphoto 6.0.5 Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. network apple | 6.8 |
| 2007-01-31 | CVE-2007-0643 | Buffer Overflow vulnerability in Bloodshed Software Dev-C++ 4.9.9.2 Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. network bloodshed-software | 4.3 |
| 2007-01-31 | CVE-2007-0638 | Information Disclosure vulnerability in Vlad Alexa Mancini PHPfootball 1.6 show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter. | 5.0 |
| 2007-01-31 | CVE-2007-0629 | Unspecified vulnerability in Plain Black Webgui 7.3.8 The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. | 6.4 |
| 2007-01-31 | CVE-2007-0628 | Cross-Site Scripting vulnerability in Sun Java System Access Manager Undisclosed Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. network sun | 4.3 |
| 2007-01-31 | CVE-2007-0627 | Information Disclosure vulnerability in GTalkbot Username and Password Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process. | 4.9 |
| 2007-01-31 | CVE-2007-0626 | Unspecified vulnerability in Drupal 5.0 The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines." | 6.5 |
| 2007-01-31 | CVE-2007-0625 | Remote Denial Of Service vulnerability in NoMachine NX Server NXCONFIGURE.SH nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service. | 4.9 |