Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2008-10-08 CVE-2008-4488 Cross-Site Scripting vulnerability in Atarone 1.2.0
Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters.
network
atarone CWE-79
4.3
2008-10-08 CVE-2008-4487 SQL Injection vulnerability in Atarone 1.2.0
SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) site_name, (2) email, (3) theme_chosen, (4) hp, (5) c_meta, (6) id, and (7) c_js parameters.
network
atarone CWE-89
6.8
2008-10-08 CVE-2008-4486 Path Traversal vulnerability in Yerba 6.28
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
yerba CWE-22
critical
10.0
2008-10-08 CVE-2008-4485 Cross-Site Scripting vulnerability in Bluecoat Security Gateway OS 4.2/5.2/5.3
Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.
network
bluecoat CWE-79
4.3
2008-10-08 CVE-2008-4484 Permissions, Privileges, and Access Controls vulnerability in Crux Software Gallery
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users", as demonstrated via index.php.
6.8
2008-10-08 CVE-2008-4483 Path Traversal vulnerability in Crux Software Gallery
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..
6.8
2008-10-08 CVE-2008-4482 Improper Input Validation vulnerability in Apache Xerces-C++
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
network
low complexity
apache CWE-20
7.8
2008-10-08 CVE-2008-4481 Cross-Site Scripting vulnerability in Redmine
Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
redmine CWE-79
4.3
2008-10-08 CVE-2008-3061 Remote Security vulnerability in V-Webmail 1.5.0
Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter.
network
v-webmail
4.3
2008-10-08 CVE-2008-4477 Link Following vulnerability in JIM Trocki MON 0.99.2
alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.
local
low complexity
jim-trocki CWE-59
7.2