Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-24 | CVE-2008-7058 | Cross-Site Request Forgery (CSRF) vulnerability in Grayscalecms Bandsite CMS 1.1.4 Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php. | 6.8 |
2009-08-24 | CVE-2008-7057 | Cross-Site Scripting vulnerability in Grayscalecms Bandsite CMS 1.1.4 Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter. | 4.3 |
2009-08-24 | CVE-2008-7056 | Permissions, Privileges, and Access Controls vulnerability in Grayscalecms Bandsite CMS 1.1.4 BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request. | 5.0 |
2009-08-24 | CVE-2008-7055 | Path Traversal vulnerability in Visualshapers Ezcontents 2.0.3 module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function. | 5.1 |
2009-08-24 | CVE-2008-7054 | Path Traversal vulnerability in Visualshapers Ezcontents 2.0.3 Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php. | 5.1 |
2009-08-24 | CVE-2008-7053 | Resource Management Errors vulnerability in Logmein Ractrl.Dll LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption. | 9.3 |
2009-08-24 | CVE-2009-2956 | Information Exposure vulnerability in IBM Websphere Commerce Suite The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files. | 5.0 |
2009-08-24 | CVE-2009-2955 | Improper Input Validation vulnerability in Google Chrome Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | 5.0 |
2009-08-24 | CVE-2009-2954 | Improper Input Validation vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | 5.0 |
2009-08-24 | CVE-2009-2953 | Resource Management Errors vulnerability in Mozilla Firefox Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | 5.0 |