Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-01 | CVE-2008-4369 | SQL Injection vulnerability in Availscript Photo Album SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
2008-10-01 | CVE-2008-4368 | Cryptographic Issues vulnerability in Apple mac OS X 10.5.4/10.5.5 The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | 5.0 |
2008-09-30 | CVE-2008-4366 | Improper Input Validation vulnerability in Camera Life Camera Life 2.6.2B4 Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload. | 6.5 |
2008-09-30 | CVE-2008-4365 | Cross-Site Scripting vulnerability in Siteman 1.1.1/1.1.10/1.1.9 Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-09-30 | CVE-2008-4364 | SQL Injection vulnerability in Parsagostar Parsaweb CMS SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page. | 7.5 |
2008-09-30 | CVE-2008-4363 | Improper Input Validation vulnerability in Deslock 3.2.7 DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended. | 7.2 |
2008-09-30 | CVE-2008-4362 | Resource Management Errors vulnerability in Deslock 3.2.7 The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0. | 4.9 |
2008-09-30 | CVE-2008-4361 | Path Traversal vulnerability in Powerportal 2.0.13 Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. | 7.8 |
2008-09-30 | CVE-2008-4358 | Improper Input Validation vulnerability in Spaw Editor Spaw PHP Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name. | 10.0 |
2008-09-30 | CVE-2008-4357 | SQL Injection vulnerability in Powie Plink 2.07 SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |