Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-22 | CVE-2008-4676 | Permissions, Privileges, and Access Controls vulnerability in Citrix Access Essentials, Presentation Server and Xenapp Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. | 6.8 |
| 2008-10-22 | CVE-2008-4674 | SQL Injection vulnerability in Conkurent Real Estate Manager SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode. | 6.8 |
| 2008-10-22 | CVE-2008-4672 | Cross-Site Scripting vulnerability in Goodlyrics Lyrics Script Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. | 4.3 |
| 2008-10-22 | CVE-2008-4671 | Cross-Site Scripting vulnerability in Wordpress MU Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters. | 4.3 |
| 2008-10-22 | CVE-2008-4670 | Cross-Site Scripting vulnerability in ED Putal Clickbank Portal Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box. | 4.3 |
| 2008-10-22 | CVE-2008-4669 | Cross-Site Scripting vulnerability in DAN Fletcher Recipe Script Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 |
| 2008-10-22 | CVE-2008-4666 | SQL Injection vulnerability in Deeserver Ultimate Webboard 3.00 SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter. | 6.8 |
| 2008-10-22 | CVE-2008-4663 | Cross-Site Scripting vulnerability in Kumacchi KS CGI Access LOG 1.44 Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-10-22 | CVE-2008-4662 | Path Traversal vulnerability in Lokicms 0.3.4 Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2008-10-22 | CVE-2008-4661 | Cross-Site Scripting vulnerability in Typo3 Page Improvements Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |