Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2008-10-03 CVE-2008-4440 Link Following vulnerability in Debian Feta
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.
local | low complexity | debian CWE-59 | 7.2

2008-10-03 CVE-2008-4439 Code Injection vulnerability in Martinwood Datafeed Studio
PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter.
network | low complexity | martinwood CWE-94 | critical | 10.0

2008-10-03 CVE-2008-4438 Cross-Site Scripting vulnerability in Datafeed Studio Datafeed Studio 1.6.2
Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
4.3

2008-10-03 CVE-2008-4437 Path Traversal vulnerability in Mozilla Bugzilla
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a ..
network | mozilla CWE-22 | 7.1

2008-10-03 CVE-2008-4436 SQL Injection vulnerability in Bblog Wbblog 0.7.6
SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
network | low complexity | bblog CWE-89 | 7.5

2008-10-03 CVE-2008-4435 Cross-Site Scripting vulnerability in Rmsoft Downloads Plus Module 1.5/1.7
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
network | rmsoft xoops CWE-79 | 4.3

2008-10-03 CVE-2008-4434 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.
network | utorrent bittorrent CWE-119 | critical | 9.3

2008-10-03 CVE-2008-4433 SQL Injection vulnerability in Rmsoft Minishop Module 1.0
SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter.
network | low complexity | rmsoft xoops CWE-89 | 7.5

2008-10-03 CVE-2008-4432 Cross-Site Scripting vulnerability in Rmsoft Minishop Module 1.0
Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.
network | rmsoft xoops CWE-79 | 4.3

2008-10-03 CVE-2008-4431 SQL Injection vulnerability in Icebb
SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
network | low complexity | icebb CWE-89 | 7.5