Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-09 | CVE-2007-0104 | Improper Input Validation vulnerability in multiple products. The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | 6.8 |
2007-01-09 | CVE-2007-0103 | Improper Input Validation vulnerability in Adobe Acrobat Reader. The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | 6.8 |
2007-01-09 | CVE-2007-0102 | Improper Input Validation vulnerability in Apple Preview 3.0.8. The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | 6.8 |
2007-01-08 | CVE-2007-0101 | Cross-Site Request Forgery vulnerability in SPINE. Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. | 6.8 |
2007-01-05 | CVE-2007-0098 | File-Upload vulnerability in VerliAdmin. Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-01-05 | CVE-2007-0095 | Information Disclosure vulnerability in phpMyAdmin 2.9.1.1. phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | 5.0 |
2007-01-05 | CVE-2007-0088 | Directory Traversal vulnerability in Openmedia. Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-01-05 | CVE-2007-0085 | Local Security vulnerability in OpenBSD 3.9/4.0. Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. | 6.0 |
2007-01-05 | CVE-2007-0083 | Unspecified vulnerability in Nuked-Klan. Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan. | 6.8 |
2007-01-05 | CVE-2007-0082 | Unspecified vulnerability in IMGallery 2.4/2.5. users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | 6.5 |