Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-10-23 CVE-2008-4696 Cross-Site Scripting vulnerability in Opera
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
network
opera CWE-79
4.3

2008-10-23 CVE-2008-3815 Improper Authentication vulnerability in Cisco ASA 5500 and PIX
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
network
cisco CWE-287
4.3

2008-10-23 CVE-2007-4349 Denial of Service vulnerability in HP OpenView Products Shared Trace Service RPC Request Handling
The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.
network
hp
4.3

2008-10-23 CVE-2008-4712 Path Traversal vulnerability in Lnblog 0.8.0/0.8.1/0.8.2
Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..
network
lnblog CWE-22
6.8

2008-10-23 CVE-2008-4711 SQL Injection vulnerability in Joovili 2.1/3.0.6
SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php.
network
joovili CWE-89
6.8

2008-10-23 CVE-2008-4710 Cross-Site Scripting vulnerability in Drupal Stock Module 6X
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
drupal CWE-79
4.3

2008-10-23 CVE-2008-4707 Path Traversal vulnerability in Sylvain Pasquet Bbzl PHP 0.92
Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a ..
network
low complexity
sylvain-pasquet CWE-22
5.0

2008-10-22 CVE-2008-4701 SQL Injection vulnerability in Liberiacms Liberia CMS 1.00/1.10/1.11
SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_user cookie parameter, a different vector than CVE-2008-4700.
network
liberiacms CWE-89
6.8

2008-10-22 CVE-2008-4700 SQL Injection vulnerability in Liberiacms Liberia CMS 1.00/1.10/1.11
SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter.
network
liberiacms CWE-89
6.8

2008-10-22 CVE-2008-4693 Information Exposure vulnerability in IBM DB2
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
network
low complexity
ibm CWE-200
5.0