Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2008-10-01 CVE-2008-4369 SQL Injection vulnerability in Availscript Photo Album
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
network
low complexity
availscript CWE-89
7.5
2008-10-01 CVE-2008-4368 Cryptographic Issues vulnerability in Apple Mac OS X 10.5.4/10.5.5
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.
network
low complexity
apple CWE-310
5.0
2008-09-30 CVE-2008-4366 Improper Input Validation vulnerability in Camera Life Camera Life 2.6.2B4
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload.
network
low complexity
camera-life CWE-20
6.5
2008-09-30 CVE-2008-4365 Cross-Site Scripting vulnerability in Siteman 1.1.1/1.1.10/1.1.9
Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
siteman CWE-79
4.3
2008-09-30 CVE-2008-4364 SQL Injection vulnerability in Parsagostar Parsaweb CMS
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
network
low complexity
parsagostar CWE-89
7.5
2008-09-30 CVE-2008-4363 Improper Input Validation vulnerability in Deslock 3.2.7
DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.
local
low complexity
deslock CWE-20
7.2
2008-09-30 CVE-2008-4362 Resource Management Errors vulnerability in Deslock 3.2.7
The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0.
local
low complexity
deslock CWE-399
4.9
2008-09-30 CVE-2008-4361 Path Traversal vulnerability in Powerportal 2.0.13
Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a ..
network
low complexity
powerportal CWE-22
7.8
2008-09-30 CVE-2008-4358 Improper Input Validation vulnerability in Spaw Editor Spaw PHP
Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name.
network
low complexity
spaw-editor CWE-20
critical
10.0
2008-09-30 CVE-2008-4357 SQL Injection vulnerability in Powie Plink 2.07
SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
powie CWE-89
7.5