Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-10-22 | CVE-2008-4651 | SQL Injection vulnerability in Jetbox CMS 2.1 | Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php. | 6.0 |
2008-10-22 | CVE-2008-4648 | Cross-Site Scripting vulnerability in Elxis CMS 2008.1 | Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. | 4.3 |
2008-10-21 | CVE-2008-4639 | Unspecified vulnerability in Sentex Jhead | jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 4.6 |
2008-10-21 | CVE-2008-4638 | Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown | qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. | 4.6 |
2008-10-21 | CVE-2008-4637 | Cross-Site Scripting vulnerability in Cpcommerce | Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. | 4.3 |
2008-10-21 | CVE-2008-4121 | Cross-Site Scripting vulnerability in Cpcommerce | Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php. | 4.3 |
2008-10-21 | CVE-2008-3248 | Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown | qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files. | 4.6 |
2008-10-21 | CVE-2007-4350 | Cross-Site Scripting vulnerability in HP Sitescope 9.0 | Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message. | 4.3 |
2008-10-21 | CVE-2008-4635 | Information Exposure vulnerability in Hisanaga Electric CO Hisa Cart | Unspecified vulnerability in Hisanaga Electric Co, Ltd. | 5.0 |
2008-10-21 | CVE-2008-4633 | SQL Injection vulnerability in Drupal Node Clone | SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." | 6.0 |