Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-30 CVE-2007-0596 Remote Security vulnerability in Aztek Forum Aztek Forum 4.0
PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.
network
aztek-forum
6.0
2007-01-30 CVE-2007-0595 Cross-Site Scripting vulnerability in High5 Review Script
Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).
network
designmind
4.3
2007-01-30 CVE-2007-0594 Information Disclosure vulnerability in Siteman 2.0.X2
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.
network
low complexity
siteman
5.0
2007-01-30 CVE-2007-0593 Information Disclosure vulnerability in Siteman 1.1.11
Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.
network
low complexity
siteman
5.0
2007-01-30 CVE-2007-0592 Cross-Site Scripting vulnerability in Indexcor Ezdatabase 2.1.3
Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.
network
indexcor
6.8
2007-01-30 CVE-2007-0590 Cross-Site Scripting vulnerability in Forum Livre Forum Livre 1.0
Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 allows remote attackers to inject arbitrary web script or HTML via the palavra parameter.
network
forum-livre
5.8
2007-01-30 CVE-2007-0583 Cross-Site Scripting vulnerability in Http Commander Http Commander 6.0
Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx.
network
http-commander
4.3
2007-01-30 CVE-2007-0580 Remote File Include vulnerability in Javier Suarez Sanz Foro Domus 2.10
PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.
6.8
2007-01-30 CVE-2007-0579 Local File Include vulnerability in Horde Groupware Calendar Component
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors.
network
high complexity
horde
5.1
2007-01-30 CVE-2007-0578 Denial of Service vulnerability in MPG123 HTTP_Open() Connection Handling
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
network
mpg123
4.3