Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-01-18 | CVE-2007-0331 | Cross-Site Scripting vulnerability in Xentraz Liens Dynamiques 2.1 | Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. | 6.8 |
2007-01-18 | CVE-2007-0329 | Directory Traversal vulnerability in Jv2 Folder Gallery | download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. | 5.0 |
2007-01-18 | CVE-2006-6489 | Remote Denial of Service vulnerability in SISCO OSI Stack Malformed Packet | The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets. | 5.0 |
2007-01-18 | CVE-2007-0311 | Remote Denial of Service vulnerability in WFTPD Server SITE ADMIN Command | Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. | 5.0 |
2007-01-18 | CVE-2007-0310 | Unspecified vulnerability in BMC Remedy Action Request System 5.01.02 Patch 1267 | BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. | 5.0 |
2007-01-18 | CVE-2007-0308 | Cross-Site Scripting vulnerability in WebGUI Wiki Title | Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles. | 6.8 |
2007-01-18 | CVE-2007-0302 | Cross-Site Scripting vulnerability in Instantasp 4.1.0 | Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. | 6.8 |
2007-01-18 | CVE-2007-0301 | Remote File Include vulnerability in Fdweb Espace Membre 2.01 | PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 6.8 |
2007-01-18 | CVE-2007-0300 | Remote File Include vulnerability in TLM CMS Chemin Parameter | PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | 6.8 |
2007-01-17 | CVE-2007-0243 | Buffer Errors vulnerability in SUN Jdk, JRE and SDK | Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. | 6.8 |