Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-26 CVE-2007-0533 Remote Denial of Service vulnerability in Atozed Software IntraWeb Component 9.0
The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.
network
low complexity
atozed-software
5.0
2007-01-26 CVE-2007-0532 Information Disclosure vulnerability in Tuan Do Uploader 6 beta 1
Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.
network
low complexity
tuan-do
5.0
2007-01-26 CVE-2007-0529 Cross-Site Scripting vulnerability in PHP Link Directory
Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.
4.3
2007-01-26 CVE-2007-0527 SQL Injection vulnerability in Website Baker
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter.
6.8
2007-01-26 CVE-2007-0526 Cross-Site Scripting vulnerability in Bitweaver 1.3.1
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.
network
bitweaver
4.3
2007-01-26 CVE-2007-0516 Remote Security vulnerability in Yana Framework
Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors.
network
yana-framework
4.9
2007-01-26 CVE-2007-0514 Cross-Site Scripting vulnerability in uCosminexus Developer Light
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
network
hitachi
6.8
2007-01-26 CVE-2007-0513 Remote Denial of Service vulnerability in Hitachi HiRDB DataReplicator Server
Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data.
network
low complexity
hitachi
5.0
2007-01-26 CVE-2007-0512 Remote Denial of Service vulnerability in Hitachi TP1/LiNK and TP1/Server Base
Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port.
network
low complexity
hitachi
5.0
2007-01-26 CVE-2007-0511 Remote File Include vulnerability in phpXMLDOM 0.3
Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.
network
phpxmldom
6.8