Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-29 | CVE-2006-6961 | Denial-Of-Service vulnerability in Spy Sweeper: WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name. [network, webroot-software] | 6.8 |
2007-01-29 | CVE-2006-6960 | Security Bypass vulnerability in Spy Sweeper: The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression. [network, webroot-software] | 6.8 |
2007-01-29 | CVE-2006-6959 | Local Security vulnerability in Webroot Software SPY Sweeper 4.5.9: WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys. | 4.6 |
2007-01-29 | CVE-2006-6957 | Code Injection vulnerability in Docebo: PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. | 6.8 |
2007-01-29 | CVE-2006-6956 | Improper Input Validation vulnerability in Microsoft Internet Explorer: Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |
2007-01-29 | CVE-2006-6955 | Improper Input Validation vulnerability in Opera Browser: Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |
2007-01-29 | CVE-2006-6954 | Improper Input Validation vulnerability in Flock 1.0.7: Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |
2007-01-26 | CVE-2007-0534 | Cross-Site Scripting vulnerability in Project Issue Tracking Module: Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." [network, drupal] | 4.3 |
2007-01-26 | CVE-2007-0533 | Remote Denial of Service vulnerability in Atozed Software Intraweb Component 9.0: The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object. | 5.0 |
2007-01-26 | CVE-2007-0532 | Information Disclosure vulnerability in Tuan DO Uploader 6Beta1: Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt. | 5.0 |