Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-19 | CVE-2008-5172 | Cross-Site Scripting vulnerability in Forumsoftware Yazd Forum Software 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. | 4.3 |
| 2008-11-19 | CVE-2008-5164 | Cross-Site Scripting vulnerability in Theratstudios the RAT CMS 2 Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php. | 4.3 |
| 2008-11-18 | CVE-2008-5160 | Remote Denial of Service vulnerability in Myserver 0.8.11 Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error." | 5.0 |
| 2008-11-18 | CVE-2008-5157 | Link Following vulnerability in Uoregon TAU 2.16.4 tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts. | 6.9 |
| 2008-11-18 | CVE-2008-5156 | Link Following vulnerability in Dann Frazier Systemimager-Server 3.6.3 si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5154 | Link Following vulnerability in Koeniglich P3Nfs 5.19 bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5153 | Link Following vulnerability in Moodle 1.8.2 spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5152 | Link Following vulnerability in Peter S Galbraith Mh-Book 2000605 inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5151 | Link Following vulnerability in Abottoms Mayavi 1.5 test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5150 | Link Following vulnerability in Jose Carlos Medeiros Maildirsync 1.1 sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file. | 6.9 |