Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK
2008-10-03 CVE-2008-4429 Denial Of Service vulnerability in SOURCENEXT Virus Security and Virus Security ZERO
Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files.
network | low complexity | sourcenext | critical | 10.0
2008-10-03 CVE-2008-4428 Improper Input Validation vulnerability in Phlatline Personal Information Manager
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.
network | low complexity | phlatline CWE-20 | critical | 10.0
2008-10-03 CVE-2008-4427 Improper Authentication vulnerability in Phlatline Personal Information Manager
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
network | low complexity | phlatline CWE-287 | 7.5
2008-10-03 CVE-2008-4426 Cross-Site Scripting vulnerability in Phlatline Personal Information Manager 1.0
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
network | phlatline CWE-79 | 4.3
2008-10-03 CVE-2008-4425 Path Traversal vulnerability in Phlatline Personal Information Manager 1.0
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
network | phlatline CWE-22 | 8.8
2008-10-03 CVE-2008-4424 Cross-Site Scripting vulnerability in Domain Group Network Goocms 1.02
Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action.
4.3
2008-10-03 CVE-2008-4423 SQL Injection vulnerability in Ovidentia 6.6.5
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
network | low complexity | ovidentia CWE-89 | 6.5
2008-10-03 CVE-2008-4383 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Alcatel AOS
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
network | low complexity | alcatel alcatel-lucent CWE-119 | critical | 10.0
2008-10-03 CVE-2008-4409 Resource Management Errors vulnerability in Xmlsoft Libxml2 2.7.0/2.7.1
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
network | low complexity | xmlsoft CWE-399 | 5.0
2008-10-03 CVE-2008-4408 Cross-Site Scripting vulnerability in Mediawiki 1.12.0/1.13.1
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
network | mediawiki CWE-79 | 4.3