Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-29 | CVE-2006-6964 | Information Disclosure vulnerability in MailEnable Professional: MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | 4.0 |
2007-01-29 | CVE-2006-6962 | Code Injection vulnerability in Joomla RS Gallery2 1.11.2: PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. | 6.8 |
2007-01-29 | CVE-2006-6961 | Denial-Of-Service vulnerability in Spy Sweeper: WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name. | 6.8 |
2007-01-29 | CVE-2006-6960 | Security Bypass vulnerability in Spy Sweeper: The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression. | 6.8 |
2007-01-29 | CVE-2006-6959 | Local Security vulnerability in Webroot Software SPY Sweeper 4.5.9: WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys. | 4.6 |
2007-01-29 | CVE-2006-6957 | Code Injection vulnerability in Docebo: PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. | 6.8 |
2007-01-29 | CVE-2006-6956 | Improper Input Validation vulnerability in Microsoft Internet Explorer: Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |
2007-01-29 | CVE-2006-6955 | Improper Input Validation vulnerability in Opera Browser: Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |
2007-01-29 | CVE-2006-6954 | Improper Input Validation vulnerability in Flock 1.0.7: Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |
2007-01-26 | CVE-2007-0534 | Cross-Site Scripting vulnerability in Project Issue Tracking Module: Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." | 4.3 |