Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-29 | CVE-2008-4788 | Remote Security vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900. | 5.0 |
2008-10-29 | CVE-2008-4787 | Unspecified vulnerability in Microsoft Internet Explorer 6 Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025. network microsoft | 5.8 |
2008-10-29 | CVE-2008-4780 | Path Traversal vulnerability in Easy-Script Myforum 1.3 Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | 6.8 |
2008-10-28 | CVE-2008-4776 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wojtek Kaniewsk Libgadu libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. | 4.3 |
2008-10-28 | CVE-2008-4774 | Cross-Site Scripting vulnerability in Questwork Questcms Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter. | 4.3 |
2008-10-28 | CVE-2008-4773 | Path Traversal vulnerability in Questwork Questcms Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. | 5.0 |
2008-10-28 | CVE-2008-4764 | Path Traversal vulnerability in Extplorer COM Extplorer 2.0.0 Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
2008-10-28 | CVE-2008-4763 | Cross-Site Scripting vulnerability in Wikidsystems Wclient-PHP 3.01 Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable. | 4.3 |
2008-10-28 | CVE-2008-4761 | Cross-Site Scripting vulnerability in Kayako Esupport 3.20.2 Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. | 4.3 |
2008-10-28 | CVE-2008-4760 | SQL Injection vulnerability in Graphiks Myforum 1.3 SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |