Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-11-04 | CVE-2008-4909 | Cross-Site Scripting vulnerability in Compact CMS Compact CMS | Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors. | 4.3 |
2008-11-04 | CVE-2008-4888 | Cross-Site Scripting vulnerability in Netrisk 1.9.7 | Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. | 4.3 |
2008-11-03 | CVE-2008-3868 | Cross-Site Request Forgery (CSRF) vulnerability in Cce-Interact Interact 2.4.1 | Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts. | 6.8 |
2008-11-03 | CVE-2008-3867 | SQL Injection vulnerability in Cce-Interact Interact 2.4.1 | SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter. | 6.8 |
2008-11-01 | CVE-2008-4877 | SQL Injection vulnerability in Mywebcards Webcards | SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | 6.8 |
2008-11-01 | CVE-2008-4876 | Cross-Site Scripting vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 | Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page. | 4.3 |
2008-11-01 | CVE-2008-4875 | Path Traversal vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 | Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. | 6.8 |
2008-11-01 | CVE-2008-4874 | Credentials Management vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 | The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. | 5.0 |
2008-11-01 | CVE-2008-4872 | Cross-Site Scripting vulnerability in Itechscripts Itechbids 5.0 | Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. | 4.3 |
2008-11-01 | CVE-2008-4871 | Cross-Site Scripting vulnerability in MY Little Forum MY Little Forum 1.75/2.0 | Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags. | 4.3 |