Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-11-26 CVE-2008-2432 Information Exposure vulnerability in Novell iPrint
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.
network
low complexity
novell CWE-200
5.0
2008-11-25 CVE-2008-5230 Cryptographic Issues vulnerability in Cisco IOS
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.
network
cisco CWE-310
6.8
2008-11-25 CVE-2008-5229 Buffer Errors vulnerability in Microsoft Windows Vista Gold
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command.
6.9
2008-11-25 CVE-2008-5109 Configuration vulnerability in Adobe Flash Media Server 3.0/3.5
The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software.
network
low complexity
adobe CWE-16
5.0
2008-11-25 CVE-2008-4232 Unspecified vulnerability in Apple iPhone OS and Safari
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
network
low complexity
apple
5.0
2008-11-25 CVE-2008-5225 Cross-Site Scripting vulnerability in Xerox DocuShare
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
network
xerox CWE-79
4.3
2008-11-25 CVE-2008-5224 Cross-Site Scripting vulnerability in Kent-Web Mart
Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
kent-web CWE-79
4.3
2008-11-25 CVE-2008-5218 Permissions, Privileges, and Access Controls vulnerability in ScriptsEz FREEze Greetings 1.0
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.
network
low complexity
scriptsez CWE-264
5.0
2008-11-24 CVE-2008-5217 Path Traversal vulnerability in PHPc0D3R txtCMS 0.3
Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..
network
high complexity
phpc0d3r CWE-22
5.1
2008-11-24 CVE-2008-5214 Cross-Site Scripting vulnerability in ClanLite 2.2006.05.20
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
network
clanlite CWE-79
4.3