Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-11-14 CVE-2008-5076 Information Exposure vulnerability in Htop 0.7
htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."
local
low complexity
htop CWE-200
4.6
4.6
2008-11-14 CVE-2008-5075 SQL Injection vulnerability in Scriptsfrenzy E-Uploader PRO 1.0
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php. 		6.8
6.8
2008-11-14 CVE-2008-5072 Denial Of Service vulnerability in K-Lite Mega Codec Pack 3.5.7.0
vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.
network
k-lite
4.3
4.3
2008-11-13 CVE-2008-5068 Cross-Site Scripting vulnerability in Kkeim Kmita Gallery
Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php.
network
kkeim CWE-79
4.3
4.3
2008-11-13 CVE-2008-5067 Cross-Site Scripting vulnerability in Kkeim Kmita Catalogue 2.0
Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter.
network
kkeim CWE-79
4.3
4.3
2008-11-13 CVE-2008-5062 Path Traversal vulnerability in Smolinari Mini web Calendar 1.2
Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.
network
low complexity
smolinari CWE-22
5.0
5.0
2008-11-13 CVE-2008-5061 Cross-Site Scripting vulnerability in Smolinari Mini web Calendar 1.2
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
network
smolinari CWE-79
4.3
4.3
2008-11-13 CVE-2008-5059 Cross-Site Scripting vulnerability in Modernbill
Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action.
network
modernbill CWE-79
4.3
4.3
2008-11-13 CVE-2008-5056 Cross-Site Scripting vulnerability in Activecampaign Triolive
Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php. 		4.3
4.3
2008-11-13 CVE-2008-5015 Code Injection vulnerability in Mozilla Firefox
Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
network
high complexity
mozilla CWE-94
5.1
5.1