Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2008-09-30 | CVE-2008-4346 | Path Traversal vulnerability in Talkback 2.3.6/2.3.6.4 | 7.5
Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a ..
network, low complexity, talkback, CWE-22

2008-09-30 | CVE-2008-4345 | SQL Injection vulnerability in Webportal CMS 0.6.0/0.6Beta/0.7.3 | 7.5
SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter.
network, low complexity, webportal, CWE-89

2008-09-30 | CVE-2008-4344 | SQL Injection vulnerability in 6Rbscript | 7.5
SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
network, low complexity, 6rbscript, CWE-89

2008-09-30 | CVE-2008-4341 | Permissions, Privileges, and Access Controls vulnerability in Myblog | 7.5
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.
network, low complexity, myblog, CWE-264

2008-09-30 | CVE-2008-4340 | Improper Input Validation vulnerability in Google Chrome 0.2.149.29/0.2.149.30 | 4.3
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
network, google, CWE-20

2008-09-30 | CVE-2008-4339 | Permissions, Privileges, and Access Controls vulnerability in Symantec Netbackup Enterprise Server and Netbackup Server | 6.5
Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries."
network, low complexity, symantec, CWE-264

2008-09-30 | CVE-2008-4338 | SQL Injection vulnerability in Vacilanda Brilliant Gallery 5/6 | 6.0
SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters.
network, vacilanda, CWE-89

2008-09-30 | CVE-2008-4337 | Cross-Site Scripting vulnerability in Bitweaver 2.0.2 | 4.3
Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6) calendar.php, (7) index.php, and (8) list_events.php in events/; (9) index.php and (10) list_galleries.php in fisheye/; (11) liberty/list_content.php; (12) newsletters/edition.php; (13) pigeonholes/list.php; (14) recommends/index.php; (15) rss/index.php; (16) stars/index.php; (17) users/remind_password.php; (18) wiki/orphan_pages.php; and (19) stats/index.php, different vectors than CVE-2007-0526 and CVE-2005-4379.
network, bitweaver, CWE-79

2008-09-30 | CVE-2008-4336 | Cross-Site Scripting vulnerability in Constantin Charissis Atomic Photo Album 1.1.0Pre4 | 4.3
Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.

2008-09-30 | CVE-2008-4335 | SQL Injection vulnerability in Atomic Photo Album Atomic Photo Album 1.1.0Pre4 | 7.5
SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.
network, low complexity, atomic-photo-album, CWE-89