Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-09-08 CVE-2008-7179 Improper Authentication vulnerability in Otmanager CMS 2.4
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
network, low complexity, otmanager CWE-287, 7.5

2009-09-08 CVE-2008-7178 Path Traversal vulnerability in Xoops Uploader 1.1
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a ..
network, low complexity, xoops CWE-22, 7.5

2009-09-08 CVE-2008-7177 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nasm Netwide Assembler
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
network, nasm CWE-119, critical, 9.3

2009-09-08 CVE-2008-7176 Path Traversal vulnerability in Celina Jorge Facil CMS 0.1
Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a ..
6.8

2009-09-08 CVE-2008-7175 Cross-Site Scripting vulnerability in Alex Rabe Nextgen Gallery
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.
4.3

2009-09-08 CVE-2008-7174 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juracapecoffee Internet Connectivity KIT
Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions.
network, low complexity, juracapecoffee CWE-119, critical, 10.0

2009-09-08 CVE-2008-7173 Permissions, Privileges, and Access Controls vulnerability in Juracapecoffee Internet Connectivity KIT
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request.
network, low complexity, juracapecoffee CWE-264, critical, 10.0

2009-09-08 CVE-2008-7172 Permissions, Privileges, and Access Controls vulnerability in Yanick Bourbeau Lightweight News Portal 1.0B
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
network, low complexity, yanick-bourbeau CWE-264, 7.5

2009-09-08 CVE-2008-7171 Cross-Site Scripting vulnerability in Yanick Bourbeau Lightweight News Portal 1.0B
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.
4.3

2009-09-08 CVE-2008-7170 Permissions, Privileges, and Access Controls vulnerability in Gameservers GSC 1.00
GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet.
network, low complexity, gameservers CWE-264, critical, 10.0