Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Attributes | Risk |
|---|---|---|---|---|---|
| 2007-01-09 | CVE-2007-0143 | Remote Security vulnerability in Nune News Script 2.0Pre2 | Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php. | network; vendor: nune | 6.8 |
| 2007-01-09 | CVE-2007-0141 | HTML Injection vulnerability in YET Another Link Directory 1.0 | Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | | 6.8 |
| 2007-01-09 | CVE-2007-0138 | Denial-Of-Service vulnerability in Fersch Formbankserver 1.9 | formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | network; low complexity; vendor: fersch | 5.0 |
| 2007-01-09 | CVE-2007-0137 | Cross-Site Scripting vulnerability in Serene Bach | Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; vendor: serendipitynz | 6.8 |
| 2007-01-09 | CVE-2007-0136 | Cross-Site Scripting vulnerability in Drupal | Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. | network; vendor: drupal; CWE-79 | 4.3 |
| 2007-01-09 | CVE-2007-0135 | Remote Security vulnerability in Aratix | PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. | network; vendor: aratix | 6.8 |
| 2007-01-09 | CVE-2007-0125 | Denial Of Service vulnerability in Kaspersky LAB Kaspersky Antivirus Engine 5.5.10/6.0 | Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file. | network; low complexity; vendor: kaspersky-lab | 5.0 |
| 2007-01-09 | CVE-2007-0123 | File-Upload vulnerability in Uber Uploader 4.2 | Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations. | network; vendor: uber-uploader | 6.8 |
| 2007-01-09 | CVE-2007-0122 | SQL Injection vulnerability in Coppermine Photo Gallery Albmgr.PHP | Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. | network; low complexity; vendor: coppermine | 6.5 |
| 2007-01-09 | CVE-2007-0121 | Cross-Site Scripting vulnerability in Michael Romedahl RI Blog 1.3 | Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | | 6.8 |