Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2008-11-03 CVE-2008-3867 SQL Injection vulnerability in Cce-Interact Interact 2.4.1
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.
6.8

2008-11-01 CVE-2008-4877 SQL Injection vulnerability in Mywebcards Webcards
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.
network
mywebcards CWE-89
6.8

2008-11-01 CVE-2008-4876 Cross-Site Scripting vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.
4.3

2008-11-01 CVE-2008-4875 Path Traversal vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
philips-electronics CWE-22
6.8

2008-11-01 CVE-2008-4874 Credentials Management vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
network
low complexity
philips-electronics CWE-255
5.0

2008-11-01 CVE-2008-4872 Cross-Site Scripting vulnerability in Itechscripts Itechbids 5.0
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
4.3

2008-11-01 CVE-2008-4871 Cross-Site Scripting vulnerability in MY Little Forum MY Little Forum 1.75/2.0
Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags.
4.3

2008-11-01 CVE-2008-4863 Unspecified vulnerability in Blender 2.46
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
local
blender
6.9

2008-10-31 CVE-2008-4808 Information Exposure vulnerability in IBM Lotus Connections
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors.
network
low complexity
ibm CWE-200
5.0

2008-10-31 CVE-2008-4805 Cross-Site Scripting vulnerability in IBM Lotus Connections
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components.
network
ibm CWE-79
4.3