Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-18 | CVE-2008-5139 | Link Following vulnerability in Javier Fernandez Jailer 0.4 updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5138 | Link Following vulnerability in Bkleineidam Libpam Mount 0.43 passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5137 | Link Following vulnerability in Tkman 2.2 tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5136 | Link Following vulnerability in Ldrolez Tkusr 0.82 tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5133 | Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named. | 5.8 |
| 2008-11-18 | CVE-2008-5130 | Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Calendar Manager 2.04 Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | 5.0 |
| 2008-11-18 | CVE-2008-5129 | Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Poll Manager 1.00 Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. | 5.0 |
| 2008-11-18 | CVE-2008-5128 | Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Membership Manager PRO Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | 5.0 |
| 2008-11-18 | CVE-2008-5127 | Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Contact Manager 1.02 Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. | 5.0 |
| 2008-11-18 | CVE-2008-5126 | Cross-Site Scripting vulnerability in Boutikone CMS Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | 4.3 |