Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-17 | CVE-2008-4596 | Cross-Site Scripting vulnerability in Drupal Shindig-Integrator 5 Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages. | 4.3 |
2008-10-17 | CVE-2008-4412 | Information Exposure vulnerability in HP Systems Insight Manager Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2008-10-16 | CVE-2008-4591 | Cross-Site Scripting vulnerability in PHPwebgallery 1.3.4 Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters. | 4.3 |
2008-10-15 | CVE-2008-4584 | Insecure Method vulnerability in Chilkat Software Mail 7.8 Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method. | 6.8 |
2008-10-15 | CVE-2008-4582 | Permissions, Privileges, and Access Controls vulnerability in multiple products Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. | 4.3 |
2008-10-15 | CVE-2008-4581 | Permissions, Privileges, and Access Controls vulnerability in IBM Enovia Smarteam 5 The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view. | 4.0 |
2008-10-15 | CVE-2008-4578 | Permissions, Privileges, and Access Controls vulnerability in Dovecot The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes. | 5.0 |
2008-10-15 | CVE-2008-4575 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sentex Jhead Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." | 5.0 |
2008-10-15 | CVE-2008-4571 | Cross-Site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror JavaScript event in an IMG tag. | 4.3 |
2008-10-15 | CVE-2008-4020 | Cross-Site Scripting vulnerability in Microsoft Office XP Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability." | 4.3 |