Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-25 CVE-2007-0503 Local Arbitrary Command Execution vulnerability in Kodak Color Management System Utilities
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
local
sun
6.9
2007-01-25 CVE-2007-0501 Code Injection vulnerability in Mafia Scum Tools Mafia Scum Tools
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
6.8
2007-01-25 CVE-2007-0499 Code Injection vulnerability in Sangwan Kim phpIndexPage
PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
6.8
2007-01-25 CVE-2007-0497 Remote File Include vulnerability in Upload-Service 1.0
PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.
network
upload-service
6.8
2007-01-25 CVE-2007-0494 Data Processing Errors vulnerability in ISC BIND
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
network
isc CWE-19
4.3
2007-01-25 CVE-2007-0491 Remote Security vulnerability in MySpeach
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630.
network
sky-gunning
6.8
2007-01-25 CVE-2007-0490 Information Disclosure vulnerability in Open-Realty 2.3.4
index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.
network
low complexity
open-realty
5.0
2007-01-25 CVE-2007-0489 Remote File Include vulnerability in VisoHotlink functions.visohotlink.php
PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
visohotlink
6.8
2007-01-25 CVE-2007-0488 Denial-Of-Service vulnerability in Huawei Versatile Routing Platform 1.43 2500E-003 Firmware
The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command.
network
low complexity
huawei
5.0
2007-01-25 CVE-2007-0483 Input Validation vulnerability in Enthusiast 3.1
Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php.
network
enthusiast
6.8