Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-31 CVE-2007-0624 Remote Security vulnerability in MAXdev MDPro 1.0.76
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.
network
low complexity
maxdev
5.0
2007-01-31 CVE-2007-0622 Cross-Site Request Forgery vulnerability in MyBB 1.2.2
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users.
network
low complexity
mybb
5.0
2007-01-31 CVE-2007-0620 Information Disclosure vulnerability in Vlad Leont FD Script 1.3/1.3.1/1.3.2
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
network
low complexity
vlad-leont
5.0
2007-01-31 CVE-2007-0617 Unspecified vulnerability in Earthlink Total Access
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.
network
earthlink
6.8
2007-01-31 CVE-2007-0613 Remote Denial of Service vulnerability in Apple iChat, InstantMessage Framework and mDNSResponder
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.
network
low complexity
apple
5.0
2007-01-31 CVE-2007-0467 Denial-Of-Service vulnerability in Apple Mac OS X 10.4.8
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
local
high complexity
apple
6.2
2007-01-31 CVE-2007-0611 Cross-Site Scripting vulnerability in Free Lan Intra Internet Portal
Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.
6.8
2007-01-31 CVE-2007-0610 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.7
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter.
network
cmsmadesimple
6.8
2007-01-30 CVE-2006-5754 Local Denial of Service vulnerability in Linux Kernel aio_setup_ring
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.
local
low complexity
linux
4.9
2007-01-30 CVE-2007-0604 Cross-Site Scripting vulnerability in Movable Type
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231.
network
six-apart-ltd
6.8