Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-11-10 CVE-2008-5006 Resource Management Errors vulnerability in University of Washington Imap Toolkit 2007B
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
network
low complexity
university-of-washington CWE-399
5.0
2008-11-10 CVE-2008-5000 SQL Injection vulnerability in PHPx 3.5.16
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
network
phpx CWE-89
6.8
2008-11-10 CVE-2008-4915 Permissions, Privileges, and Access Controls vulnerability in VMware products
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
local
vmware CWE-264
6.9
2008-11-10 CVE-2008-4823 Cross-Site Scripting vulnerability in Adobe Flash Player
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.
network
adobe CWE-79
4.3
2008-11-10 CVE-2008-4822 Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
network
adobe CWE-264
6.8
2008-11-10 CVE-2008-4821 Information Exposure vulnerability in Adobe Flash Player
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
4.3
2008-11-10 CVE-2008-4819 Multiple Security vulnerability in Adobe Flash Player
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
network
adobe
6.8
2008-11-10 CVE-2008-4818 Cross-Site Scripting vulnerability in Adobe Flash Player
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.
network
adobe CWE-79
4.3
2008-11-07 CVE-2008-4995 Link Following vulnerability in Jose M.Vidal Bk2Site 1.1.9
redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file.
6.9
2008-11-07 CVE-2008-4994 Link Following vulnerability in TI KAN Xmcd 2.6
The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.
local
ti-kan CWE-59
6.9