Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2008-10-08 | CVE-2008-4488 | Cross-Site Scripting vulnerability in Atarone 1.2.0 | Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. | network; atarone; CWE-79; 4.3 |
| 2008-10-08 | CVE-2008-4487 | SQL Injection vulnerability in Atarone 1.2.0 | SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) site_name, (2) email, (3) theme_chosen, (4) hp, (5) c_meta, (6) id, and (7) c_js parameters. | network; atarone; CWE-89; 6.8 |
| 2008-10-08 | CVE-2008-4485 | Cross-Site Scripting vulnerability in Bluecoat Security Gateway OS 4.2/5.2/5.3 | Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL. | network; bluecoat; CWE-79; 4.3 |
| 2008-10-08 | CVE-2008-4484 | Permissions, Privileges, and Access Controls vulnerability in Crux Software Gallery | main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | 6.8 |
| 2008-10-08 | CVE-2008-4483 | Path Traversal vulnerability in Crux Software Gallery | Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2008-10-08 | CVE-2008-4481 | Cross-Site Scripting vulnerability in Redmine | Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; redmine; CWE-79; 4.3 |
| 2008-10-08 | CVE-2008-3061 | Remote Security vulnerability in V-Webmail 1.5.0 | Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter. | network; v-webmail; 4.3 |
| 2008-10-08 | CVE-2008-3060 | Information Exposure vulnerability in V-Webmail 1.5.0 | V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | network; low complexity; v-webmail; CWE-200; 5.0 |
| 2008-10-07 | CVE-2008-4476 | Link Following vulnerability in Sympa 5.3.4 | sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. | local; sympa; CWE-59; 6.9 |
| 2008-10-07 | CVE-2008-4393 | Cross-Site Scripting vulnerability in Verisign Kontiki Delivery Management System | Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac. | network; verisign; CWE-79; 4.3 |