Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-19 | CVE-2007-0392 | Local Security vulnerability in IBM AIX 5.3 IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | 4.6 |
| 2007-01-19 | CVE-2007-0390 | Cross-Site Scripting vulnerability in Sabros.Us 1.7 Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter. network sabros-us | 6.8 |
| 2007-01-19 | CVE-2007-0384 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.764 Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.1 |
| 2007-01-19 | CVE-2007-0380 | Information Disclosure vulnerability in Docman 1.3Rc2 DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors. | 5.0 |
| 2007-01-19 | CVE-2007-0379 | Cross-Site Scripting vulnerability in Docman 1.3Rc2 Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network docman | 6.8 |
| 2007-01-19 | CVE-2007-0375 | Information Disclosure vulnerability in Joomla 1.5.0Beta Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. | 5.0 |
| 2007-01-19 | CVE-2007-0373 | SQL Injection vulnerability in Joomla 1.5.0Beta Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function. network joomla | 6.8 |
| 2007-01-19 | CVE-2007-0371 | Denial of Service vulnerability in BrowseDialog ActiveX Control CCRPBDS6.DLL A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value. | 4.3 |
| 2007-01-19 | CVE-2007-0367 | Local Security vulnerability in Rumpus Ftp Server Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. | 4.6 |
| 2007-01-19 | CVE-2007-0366 | Local Security vulnerability in Rumpus Ftp Server Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. | 4.6 |