Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2008-10-10 CVE-2008-3642 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.
network
apple CWE-119
critical
9.3
2008-10-10 CVE-2008-3641 Resource Management Errors vulnerability in Apple CUPS
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
network
low complexity
apple CWE-399
critical
10.0
2008-10-09 CVE-2008-4532 Cross-Site Scripting vulnerability in MaxiScript Website Directory
Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.
network
maxiscript CWE-79
4.3
2008-10-09 CVE-2008-4531 SQL Injection vulnerability in Drupal Brilliant Gallery
SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries.
network
low complexity
drupal CWE-89
7.5
2008-10-09 CVE-2008-4530 Cross-Site Scripting vulnerability in Drupal Brilliant Gallery
Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.
network
drupal CWE-79
3.5
2008-10-09 CVE-2008-4529 Code Injection vulnerability in asiCMS 0.208
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.
network
low complexity
asicms CWE-94
7.5
2008-10-09 CVE-2008-4528 Path Traversal vulnerability in Phlatline Personal Information Manager 1.01
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
phlatline CWE-22
7.5
2008-10-09 CVE-2008-4527 SQL Injection vulnerability in PHP-Fusion Recepies Module 1.1
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action.
network
low complexity
php-fusion CWE-89
7.5
2008-10-09 CVE-2008-4526 Path Traversal vulnerability in Customcms CCMS 3.1
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a ..
network
low complexity
customcms CWE-22
critical
10.0
2008-10-09 CVE-2008-4525 SQL Injection vulnerability in AmpJuke 0.7.5
SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action.
network
low complexity
ampjuke CWE-89
7.5