Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | VENDOR | RISK |
|---|---|---|---|---|---|---|
| 2007-01-09 | CVE-2007-0119 | Cross-Site Scripting vulnerability in Edittag 1.2 | Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi. | network | edittag | 6.8 |
| 2007-01-09 | CVE-2007-0118 | Directory Traversal vulnerability in Edittag 1.2 | Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl. | network | edittag | 4.3 |
| 2007-01-09 | CVE-2007-0115 | Remote Security vulnerability in Coppermine Photo Gallery | Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. | network | coppermine | 6.0 |
| 2007-01-09 | CVE-2007-0114 | Information Disclosure vulnerability in SUN Java System Content Delivery Server 5.0 | Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors. | network, low complexity | sun | 5.0 |
| 2007-01-09 | CVE-2007-0113 | Buffer Overflow Denial Of Service vulnerability in Packeteer Packetwise 8.0 | Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm. | network, low complexity | packeteer | 6.8 |
| 2007-01-09 | CVE-2007-0110 | Cross-Site Scripting vulnerability in Novell Access Manager Identity Server 3 | Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. | network | novell | 6.8 |
| 2007-01-09 | CVE-2007-0109 | Information Disclosure vulnerability in WordPress | wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | network, low complexity | wordpress | 5.0 |
| 2007-01-09 | CVE-2007-0108 | Unspecified vulnerability in Novell Client 4.91 | nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. | network | novell | 6.0 |
| 2007-01-09 | CVE-2007-0107 | SQL Injection vulnerability in WordPress Charset Decoding | WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. | network | wordpress | 6.8 |
| 2007-01-09 | CVE-2007-0106 | Cross-Site Scripting vulnerability in Wordpress Invalid CSRF Token | Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request. | network | wordpress | 6.8 |