Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-19 | CVE-2007-0351 | Local Security vulnerability in Microsoft Windows: Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. | 6.2 |
2007-01-19 | CVE-2006-5963 | Multiple vulnerability in Pentaware Pentasuite-Pro and Pentazip: Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename. | 4.3 |
2007-01-19 | CVE-2007-0349 | Directory Traversal vulnerability in indexu: Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. | 5.0 |
2007-01-19 | CVE-2006-6941 | Information Disclosure vulnerability in FreeWebshop: index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. | 5.0 |
2007-01-18 | CVE-2007-0345 | Local Security vulnerability in Apple Mac OS X 10.4.8: The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | 6.8 |
2007-01-18 | CVE-2007-0343 | Remote Denial Of Service vulnerability in OpenBSD ICMP6 Echo Request: OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets. | 5.0 |
2007-01-18 | CVE-2007-0342 | Resource Management Errors vulnerability in multiple products: WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. | 4.3 |
2007-01-18 | CVE-2007-0341 | Cross-Site Scripting vulnerability in phpMyAdmin 2.8.1: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. | 6.8 |
2007-01-18 | CVE-2007-0336 | Local Privilege Escalation vulnerability in Rixstep Undercover: Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition. | 4.4 |
2007-01-18 | CVE-2007-0335 | Local File Include vulnerability in JAX Scripts JAX Petition Book 1.0.3.06: Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |