Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-11 CVE-2007-0176 Cross-Site Scripting vulnerability in GForge 4.5.11
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
network
gforge
6.8
2007-01-11 CVE-2007-0175 Cross-Site Scripting vulnerability in b2evolution 1.8.2/1.8.5/1.8.6
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
4.3
2007-01-11 CVE-2007-0173 Local File Include vulnerability in L2J Statistik Script 0.09
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a ..
network
l2j
6.8
2007-01-10 CVE-2007-0162 Local Privilege Escalation vulnerability in Unsanity Application Enhancer 2.0.2
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
local
low complexity
unsanity
6.8
2007-01-10 CVE-2007-0161 Products PML Driver HPZ12 Local Privilege Escalation vulnerability in HP
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
local
hp
4.1
2007-01-10 CVE-2007-0159 Directory Traversal vulnerability in GeoIP 1.4.0
Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a ..
network
low complexity
geoip
6.4
2007-01-09 CVE-2007-0148 Unspecified vulnerability in OmniGroup OmniWeb 5.5.1
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function.
network
omnigroup
6.8
2007-01-09 CVE-2007-0147 Unspecified vulnerability in Cuyahoga
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
network
low complexity
cuyahoga
5.0
2007-01-09 CVE-2007-0146 Cross-Site Scripting vulnerability in FIX and Chips Computer Services FIX and Chips CMS 1.0
Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.
6.0
2007-01-09 CVE-2007-0144 Cross-Site Scripting vulnerability in Digitizing Quote and Ordering System Digitizing Quote and Ordering System 1.0
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
6.8