Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-26 | CVE-2007-0529 | Cross-Site Scripting vulnerability in PHP Link Directory: Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality. Tags: network, php-link-directory | 4.3 |
2007-01-26 | CVE-2007-0527 | SQL Injection vulnerability in Website Baker: SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. | 6.8 |
2007-01-26 | CVE-2007-0526 | Cross-Site Scripting vulnerability in Bitweaver 1.3.1: Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. Tags: network, bitweaver | 4.3 |
2007-01-26 | CVE-2007-0516 | Remote Security vulnerability in Yana Framework: Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. Tags: network, yana-framework | 4.9 |
2007-01-26 | CVE-2007-0514 | Cross-Site Scripting vulnerability in Ucosminexus Developer Light: Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. Tags: network, hitachi | 6.8 |
2007-01-26 | CVE-2007-0513 | Remote Denial of Service vulnerability in Hitachi HiRDB DataReplicator Server: Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data. | 5.0 |
2007-01-26 | CVE-2007-0512 | Remote Denial of Service vulnerability in Hitachi TP1 Link and TP1 Server Base: Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port. | 5.0 |
2007-01-26 | CVE-2007-0511 | Remote File Include vulnerability in PHPxmldom 0.3: Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/. Tags: network, phpxmldom | 6.8 |
2007-01-26 | CVE-2007-0507 | SQL Injection vulnerability in Drupal Acidfree 4.61.0/4.71.0: SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. Tags: network, drupal | 6.0 |
2007-01-26 | CVE-2007-0506 | Multiple vulnerabilities in Drupal Project and Project Issues Tracking Modules: The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. Tags: network, drupal | 6.0 |