Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-28 | CVE-2008-4759 | Path Traversal vulnerability in Buzzscripts Buzzywall 1.3.1 Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. | 5.0 |
2008-10-28 | CVE-2008-4758 | Path Traversal vulnerability in PHP-Daily Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. | 5.0 |
2008-10-28 | CVE-2008-4756 | Cross-Site Scripting vulnerability in PHP-Daily Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter. | 4.3 |
2008-10-27 | CVE-2008-4754 | SQL Injection vulnerability in Scripts-For-Sites EZ Forum SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | 5.8 |
2008-10-27 | CVE-2008-4751 | Cross-Site Scripting vulnerability in Epistream Ipei Guestbook 2.0 Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597. | 4.3 |
2008-10-27 | CVE-2008-4745 | Cross-Site Scripting vulnerability in Uniwin Ecart Professional 2.0.17 Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-10-27 | CVE-2008-4742 | Cross-Site Scripting vulnerability in Timetrex 2.2.11 Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters. | 4.3 |
2008-10-27 | CVE-2008-4741 | Path Traversal vulnerability in Far-PHP 1.00 Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 5.0 |
2008-10-27 | CVE-2008-4740 | Path Traversal vulnerability in Tinycms 1.1.2 Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2008-10-27 | CVE-2006-7234 | Local Code Execution vulnerability in Lynx '.mailcap' and '.mime.type' Files Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | 4.6 |