Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2008-11-05 | CVE-2008-4816 | Unspecified vulnerability in Adobe Acrobat and Acrobat Reader | Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. | network | microsoft adobe | 4.3 |
| 2008-11-04 | CVE-2008-4930 | Improper Input Validation vulnerability in Mybb 1.4.2 | MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. | network, low complexity | mybb CWE-20 | 5.0 |
| 2008-11-04 | CVE-2008-4928 | Cross-Site Scripting vulnerability in Mybb 1.4.2 | Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. | network | mybb CWE-79 | 4.3 |
| 2008-11-04 | CVE-2008-4927 | Improper Input Validation vulnerability in Microsoft Windows Media Player 10/11/9 | Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | network | microsoft CWE-20 | 4.3 |
| 2008-11-04 | CVE-2008-4918 | Cross-site Scripting vulnerability in Sonicwall Sonicos Enhanced | Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking." | network | sonicwall CWE-79 | 4.3 |
| 2008-11-04 | CVE-2008-4413 | Permissions, Privileges, and Access Controls vulnerability in HP System Management Homepage | Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions. | local, low complexity | hp CWE-264 | 6.2 |
| 2008-11-04 | CVE-2008-4907 | Improper Input Validation vulnerability in Dovecot 1.1.4/1.1.5 | The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug." | network | dovecot CWE-20 | 4.3 |
| 2008-11-04 | CVE-2008-4904 | SQL Injection vulnerability in Typosphere Typo | SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter. | network | typosphere CWE-89 | 6.0 |
| 2008-11-04 | CVE-2008-4903 | Cross-Site Scripting vulnerability in Typosphere Typo | Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters. | network | typosphere CWE-79 | 4.3 |
| 2008-11-04 | CVE-2008-4899 | Cross-Site Request Forgery (CSRF) vulnerability in Planetluc Rateme 1.3.3 | Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | network | planetluc CWE-352 | 6.8 |