Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-10 CVE-2007-0161 Products PML Driver HPZ12 Local Privilege Escalation vulnerability in HP
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
local
hp
4.1
2007-01-10 CVE-2007-0159 Directory Traversal vulnerability in Geoip 1.4.0
Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a ..
network
low complexity
geoip
6.4
2007-01-09 CVE-2007-0148 Unspecified vulnerability in Omnigroup Omniweb 5.5.1
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function.
network
omnigroup
6.8
2007-01-09 CVE-2007-0147 Unspecified vulnerability in Cuyahoga
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
network
low complexity
cuyahoga
5.0
2007-01-09 CVE-2007-0146 Cross-Site Scripting vulnerability in FIX and Chips Computer Services FIX and Chips CMS 1.0
Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.
6.0
2007-01-09 CVE-2007-0144 Cross-Site Scripting vulnerability in Digitizing Quote and Ordering System Digitizing Quote and Ordering System 1.0
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
6.8
2007-01-09 CVE-2007-0143 Remote Security vulnerability in Nune News Script 2.0Pre2
Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.
network
nune
6.8
2007-01-09 CVE-2007-0141 HTML Injection vulnerability in YET Another Link Directory YET Another Link Directory 1.0
Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
6.8
2007-01-09 CVE-2007-0138 Denial-Of-Service vulnerability in Fersch Formbankserver 1.9
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.
network
low complexity
fersch
5.0
2007-01-09 CVE-2007-0137 Cross-Site Scripting vulnerability in Serene Bach
Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ (1) Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
serendipitynz
6.8