Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-11-21 | CVE-2008-5205 | Cross-Site Scripting vulnerability in Wellyblog NIL | Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action. | 4.3 |
2008-11-21 | CVE-2008-5204 | Path Traversal vulnerability in Poweraward 1.1.0 | Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php. | 6.8 |
2008-11-21 | CVE-2008-5203 | Cross-Site Scripting vulnerability in Poweraward 1.1.0 | Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter. | 4.3 |
2008-11-21 | CVE-2008-5202 | Cross-Site Scripting vulnerability in Otmanager CMS 24A | Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter. | 4.3 |
2008-11-21 | CVE-2008-5193 | Cross-Site Scripting vulnerability in Philboard 1.14/1.2 | Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | 4.3 |
2008-11-21 | CVE-2008-5189 | Cross-Site Request Forgery (CSRF) vulnerability in Rubyonrails Rails and Ruby ON Rails | CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. | 5.0 |
2008-11-21 | CVE-2008-5185 | Resource Management Errors vulnerability in Geshi | The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<". | 5.0 |
2008-11-21 | CVE-2008-5182 | Race Condition vulnerability in Linux Kernel | The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. | 6.9 |
2008-11-20 | CVE-2008-5181 | Resource Management Errors vulnerability in Microsoft Office Communicator | Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons. | 5.0 |
2008-11-20 | CVE-2008-5179 | Remote Denial of Service vulnerability in Microsoft products | Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. | 5.0 |