Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-11-21 CVE-2008-5205 Cross-Site Scripting vulnerability in Wellyblog NIL
Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action.
network
wellyblog CWE-79
4.3
2008-11-21 CVE-2008-5204 Path Traversal vulnerability in PowerAward 1.1.0
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.
network
poweraward CWE-22
6.8
2008-11-21 CVE-2008-5203 Cross-Site Scripting vulnerability in PowerAward 1.1.0
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.
network
poweraward CWE-79
4.3
2008-11-21 CVE-2008-5202 Cross-Site Scripting vulnerability in OTManager CMS 24a
Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.
network
otmanager CWE-79
4.3
2008-11-21 CVE-2008-5193 Cross-Site Scripting vulnerability in Philboard 1.14/1.2
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.
network
philboard CWE-79
4.3
2008-11-21 CVE-2008-5189 Cross-Site Request Forgery (CSRF) vulnerability in Rubyonrails Rails and Ruby on Rails
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
network
low complexity
rubyonrails CWE-352
5.0
2008-11-21 CVE-2008-5185 Resource Management Errors vulnerability in GeSHi
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".
network
low complexity
geshi CWE-399
5.0
2008-11-21 CVE-2008-5182 Race Condition vulnerability in Linux Kernel
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.
local
linux CWE-362
6.9
2008-11-20 CVE-2008-5181 Resource Management Errors vulnerability in Microsoft Office Communicator
Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons.
network
low complexity
microsoft CWE-399
5.0
2008-11-20 CVE-2008-5179 Remote Denial of Service vulnerability in Microsoft products
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
network
low complexity
microsoft
5.0