Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-24 | CVE-2008-4739 | Path Traversal vulnerability in Plugspace 0.1 Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2008-10-24 | CVE-2008-4733 | Cross-Site Scripting vulnerability in Pressography WP Comment Remix Plugin 1.4 Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters. | 4.3 |
| 2008-10-24 | CVE-2008-4730 | Cross-Site Scripting vulnerability in PHPmyid 0.9 Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_trust_root parameter and an inconsistent openid_return_to parameter, which is not properly handled in an error message. | 4.3 |
| 2008-10-24 | CVE-2008-4729 | Buffer Errors vulnerability in Hummingbird Exceed and Exceed Powersuite Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a long PlainTextPassword property. | 6.8 |
| 2008-10-24 | CVE-2008-4727 | Cross-Site Scripting vulnerability in Sungard Banner Student 7.3 Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via the addr1 parameter. | 4.3 |
| 2008-10-23 | CVE-2008-4725 | Cross-Site Scripting vulnerability in Opera Browser 9.52 Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. | 4.3 |
| 2008-10-23 | CVE-2008-4724 | Cross-Site Scripting vulnerability in Google Chrome 0.2.149.30 Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. | 4.3 |
| 2008-10-23 | CVE-2008-4723 | Cross-Site Scripting vulnerability in Mozilla Firefox 3.0.1/3.0.2/3.0.3 Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. | 4.3 |
| 2008-10-23 | CVE-2008-4698 | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. | 5.8 |
| 2008-10-23 | CVE-2008-4697 | Cross-Site Scripting vulnerability in Opera Browser The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |