Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-10 | CVE-2008-4533 | Cross-Site Scripting vulnerability in Katan web Server 1.6 Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2008-10-10 | CVE-2008-4394 | Local Privilege Escalation vulnerability in Gentoo 'sys-apps/portage' Search Path Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds. local gentoo | 6.9 |
| 2008-10-10 | CVE-2008-4214 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | 4.6 |
| 2008-10-10 | CVE-2008-3646 | Race Condition vulnerability in Apple mac OS X 10.5.5 The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. | 6.8 |
| 2008-10-09 | CVE-2008-4532 | Cross-Site Scripting vulnerability in Maxiscript Website Directory Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action. | 4.3 |
| 2008-10-09 | CVE-2008-4520 | Cross-Site Scripting vulnerability in Autonessus Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter. | 4.3 |
| 2008-10-09 | CVE-2008-4514 | Improper Input Validation vulnerability in Konqueror 3.5.9 The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. | 5.0 |
| 2008-10-09 | CVE-2008-4512 | Permissions, Privileges, and Access Controls vulnerability in Designplace Asp/Ms Access Shoutbox 1.1 ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | 5.0 |
| 2008-10-09 | CVE-2008-4511 | Permissions, Privileges, and Access Controls vulnerability in Todd Woolums ASP News Management 2.21 Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | 5.0 |
| 2008-10-09 | CVE-2008-4510 | Resource Management Errors vulnerability in Microsoft Windows Vista Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. | 4.9 |