Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-08-28 CVE-2008-7110 Path Traversal vulnerability in Kyocera Mita Scanner File Utility 3.3.0.1
Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a ..
network | low complexity | kyoceramita CWE-22 | 7.8

2009-08-28 CVE-2008-7109 Incorrect Authorization vulnerability in Kyocera Mita Scanner File Utility 3.3.0.1
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
network | low complexity | kyoceramita CWE-863 | critical 9.8

2009-08-28 CVE-2008-7108 Cross-Site Scripting vulnerability in phpCart 3.4
Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors.
network | phpcart CWE-79 | 4.3

2009-08-28 CVE-2008-7107 Improper Input Validation vulnerability in ESET Smart Security 3.0.667.0
easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.
local | low complexity | eset CWE-20 | 7.2

2009-08-27 CVE-2008-7106 Unspecified vulnerability in Sophos PureMessage for Microsoft Exchange 3.0
The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay).
network | low complexity | sophos | 5.0

2009-08-27 CVE-2008-7105 Denial of Service vulnerability in Sophos PureMessage for Microsoft Exchange 3.0
Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text.
network | low complexity | sophos | 5.0

2009-08-27 CVE-2008-7104 Denial of Service vulnerability in Sophos PureMessage for Microsoft Exchange 3.0
Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.
network | low complexity | sophos | 5.0

2009-08-27 CVE-2008-7103 Buffer Errors vulnerability in Najdi.si Toolbar 2.0.4.1
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value.
network | najdi-si CWE-119 | critical 9.3

2009-08-27 CVE-2008-7102 Improper Input Validation vulnerability in DotNetNuke
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
network | low complexity | dotnetnuke CWE-20 | 7.5

2009-08-27 CVE-2008-7101 Security Bypass and Information Disclosure vulnerability in DotNetNuke
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.
network | low complexity | dotnetnuke | 5.0