Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2007-01-29 | CVE-2007-0548 | Denial-Of-Service vulnerability in Karjasoft Sami Http Server 2.0.1
KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.
network | low complexity | karjasoft | 5.0

2007-01-29 | CVE-2007-0547 | Cross-Site Scripting vulnerability in WebFORM
Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | cgi-rescue | 4.3

2007-01-29 | CVE-2007-0544 | HTML Injection vulnerability in Mybb 1.2.3
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
network | mybb | 6.0

2007-01-29 | CVE-2007-0542 | Cross-Site Scripting vulnerability in 212Cafe Guestbook 4.00Beta
Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.
network | 212cafe | 6.8

2007-01-29 | CVE-2007-0541 | Permissions, Privileges, and Access Controls vulnerability in Wordpress
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.
network | low complexity | wordpress CWE-264 | 5.0

2007-01-29 | CVE-2007-0540 | Unspecified vulnerability in Wordpress
WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
network | low complexity | wordpress | 5.0

2007-01-29 | CVE-2007-0538 | Denial-Of-Service vulnerability in Community Server Forums
Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
network | low complexity | telligent-systems | 5.0

2007-01-29 | CVE-2007-0463 | Unspecified vulnerability in Apple Software Update 2.0.5
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.
network | low complexity | apple | 5.0

2007-01-29 | CVE-2006-6964 | Information Disclosure vulnerability in MailEnable Professional
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
network | low complexity | mailenable | 4.0

2007-01-29 | CVE-2006-6962 | Code Injection vulnerability in Joomla RS Gallery2 1.11.2
PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter.
network | joomla CWE-94 | 6.8