Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-10-21 CVE-2008-4632 Path Traversal vulnerability in Kure 0.6.3
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a ..
network
kure CWE-22
6.8
2008-10-21 CVE-2008-4629 Cross-Site Scripting vulnerability in Usagi MyNETS
Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
usagi CWE-79
4.3
2008-10-21 CVE-2008-4626 Path Traversal vulnerability in Zirkon BOX Yappa-Ng 2.3.2
Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..
network
zirkon-box CWE-22
6.8
2008-10-21 CVE-2008-1547 Open Redirect vulnerability in Microsoft Exchange Server 2003
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
network
microsoft CWE-601
4.3
2008-10-20 CVE-2008-4616 Improper Input Validation vulnerability in multiple products
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.
network
low complexity
the-spanner wordpress CWE-20
5.0
2008-10-20 CVE-2008-4612 Cross-Site Scripting vulnerability in PortalApp 4.0
Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp.
network
portalapp CWE-79
4.3
2008-10-20 CVE-2008-4610 Resource Management Errors vulnerability in MPlayer
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
network
low complexity
mplayer CWE-399
5.0
2008-10-20 CVE-2007-6718 Denial-of-Service vulnerability in MPlayer
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac.
network
mplayer
4.3
2008-10-18 CVE-2008-4602 Path Traversal vulnerability in Qualityunit Post Affiliate PRO 2.0
Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a ..
network
low complexity
qualityunit CWE-22
6.5
2008-10-18 CVE-2008-4601 Cross-Site Scripting vulnerability in Habari CMS 0.5.1
Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.
network
habari CWE-79
4.3