Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2008-10-20 | CVE-2008-4617 | SQL Injection vulnerability in Pyxicom Actualite 1.0 | 7.5
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | pyxicom joomla mambo-foundation CWE-89

2008-10-20 | CVE-2008-4616 | Improper Input Validation vulnerability in multiple products | 5.0
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.
network | low complexity | the-spanner wordpress CWE-20

2008-10-20 | CVE-2008-4615 | Remote Security vulnerability in Portalapp 4.0 | critical 10.0
Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.
network | low complexity | portalapp

2008-10-20 | CVE-2008-4614 | Improper Authentication vulnerability in Portalapp 4.0 | 7.5
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.
network | low complexity | portalapp CWE-287

2008-10-20 | CVE-2008-4613 | SQL Injection vulnerability in Portalapp 4.0 | 7.5
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
network | low complexity | portalapp CWE-89

2008-10-20 | CVE-2008-4612 | Cross-Site Scripting vulnerability in Portalapp 4.0 | 4.3
Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp.
network | portalapp CWE-79

2008-10-20 | CVE-2008-4611 | SQL Injection vulnerability in PHP Arsivimiz PHP Ziyaretci Defteri | 7.5
SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
network | low complexity | php-arsivimiz CWE-89

2008-10-20 | CVE-2008-4610 | Resource Management Errors vulnerability in Mplayer | 5.0
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
network | low complexity | mplayer CWE-399

2008-10-20 | CVE-2007-6718 | Denial-Of-Service vulnerability in MPlayer | 4.3
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac.
network | mplayer

2008-10-18 | CVE-2008-4606 | SQL Injection vulnerability in IP REG IP REG 0.3 | 7.5
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php.
network | low complexity | ip-reg CWE-89