Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-10-31 CVE-2008-4803 Cross-Site Scripting vulnerability in Simple PHP Scripts Gallery 0.1/0.3/0.4
Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
4.3
2008-10-31 CVE-2008-4802 Cross-Site Scripting vulnerability in Simple PHP Scripts Blog 0.3
Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
4.3
2008-10-31 CVE-2008-4800 Resource Management Errors vulnerability in Microsoft Debug Diagnostic Tool
The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method.
network
low complexity
microsoft CWE-399
5.0
2008-10-31 CVE-2008-4799 Numeric Errors vulnerability in Netpbm
pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.
network
netpbm CWE-189
4.3
2008-10-30 CVE-2008-4797 Path Traversal vulnerability in Arihiro Kurata Kantan WEB Server
Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.
network
low complexity
arihiro-kurta CWE-22
5.0
2008-10-30 CVE-2008-4795 Cross-Site Scripting vulnerability in Opera
The links panel in Opera before 9.62 processes JavaScript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
network
opera CWE-79
4.3
2008-10-29 CVE-2008-4792 Permissions, Privileges, and Access Controls vulnerability in Drupal
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
network
drupal CWE-264
6.0
2008-10-29 CVE-2008-4791 Permissions, Privileges, and Access Controls vulnerability in Drupal
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully log in via unknown vectors.
network
drupal CWE-264
6.0
2008-10-29 CVE-2008-4790 Permissions, Privileges, and Access Controls vulnerability in Drupal
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
network
drupal CWE-264
6.0
2008-10-29 CVE-2008-4789 Permissions, Privileges, and Access Controls vulnerability in Drupal
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
network
drupal CWE-264
6.0