Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-19 | CVE-2008-4392 | Race Condition vulnerability in D.J.Bernstein Djbdns 1.05 dnscache in Daniel J. | 6.4 |
2009-02-19 | CVE-2008-6171 | Improper Input Validation vulnerability in Drupal includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | 9.3 |
2009-02-19 | CVE-2008-6170 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. | 3.5 |
2009-02-19 | CVE-2008-6169 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Localization Client and Localization Server Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface." | 6.8 |
2009-02-19 | CVE-2008-6168 | Cross-Site Scripting vulnerability in Miniportail Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string. | 4.3 |
2009-02-19 | CVE-2008-6167 | Path Traversal vulnerability in Miniportail Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-02-19 | CVE-2008-6166 | SQL Injection vulnerability in Jmds COM Kbase 1.2 SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. | 7.5 |
2009-02-19 | CVE-2008-6165 | SQL Injection vulnerability in Easy-Script Cspartner 0.1 SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters. | 6.8 |
2009-02-18 | CVE-2009-0646 | SQL Injection vulnerability in 4Site CMS Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml. | 7.5 |
2009-02-18 | CVE-2009-0645 | Path Traversal vulnerability in Jaws 0.8.8 Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. | 6.5 |