Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-11-18 CVE-2008-5125 Improper Authentication vulnerability in Castillocentral Ccleague 1.2
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
6.8
2008-11-18 CVE-2008-5123 SQL Injection vulnerability in Castillocentral Ccleague 1.2
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
6.8
2008-11-18 CVE-2008-5119 Cross-Site Scripting vulnerability in Scripts4Profit Dxshopcart 4.30Mc
Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
4.3
2008-11-18 CVE-2008-5118 Multiple vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
network
sun
4.3
2008-11-18 CVE-2008-5117 Improper Input Validation vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
sun CWE-20
6.4
2008-11-18 CVE-2008-5115 Cross-Site Request Forgery (CSRF) vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
network
sun CWE-352
6.8
2008-11-18 CVE-2008-5114 Cross-Site Scripting vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
sun CWE-79
4.3
2008-11-17 CVE-2008-5113 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress 2.6.3
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access).
network
high complexity
wordpress CWE-352
4.0
2008-11-17 CVE-2008-5112 Information Exposure vulnerability in Microsoft Windows and Windows 2000
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to log in, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
network
low complexity
microsoft CWE-200
5.0
2008-11-17 CVE-2008-5111 Local Denial Of Service vulnerability in SUN Opensolaris and Solaris
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.
local
sun
4.7