Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-10-07 | CVE-2008-4457 | SQL Injection vulnerability in Memht Portal | SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php. | 6.8 |
2008-10-06 | CVE-2008-4455 | Path Traversal vulnerability in Mysql Quick Admin Mysql Quick Admin 1.5.5 | Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. | 6.8 |
2008-10-06 | CVE-2008-4454 | Path Traversal vulnerability in Mysql Quick Admin Mysql Quick Admin 1.5.5 | Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. | 6.8 |
2008-10-06 | CVE-2008-4450 | Cross-Site Scripting vulnerability in Apache Friends Xampp 1.6.8 | Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. | 4.3 |
2008-10-06 | CVE-2008-4448 | Cross-Site Request Forgery (CSRF) vulnerability in Positive Software H-Sphere 4.3.10 | Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. | 6.8 |
2008-10-06 | CVE-2008-4447 | Cross-Site Scripting vulnerability in Positive Software H-Sphere 4.3.10 | Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action. | 4.3 |
2008-10-06 | CVE-2008-4446 | Cross-Site Scripting vulnerability in Nucleus CMS Nucleus | Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-10-06 | CVE-2008-4279 | Permissions, Privileges, and Access Controls vulnerability in VMWare products | The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address. | 6.8 |
2008-10-03 | CVE-2008-4438 | Cross-Site Scripting vulnerability in Datafeed Studio Datafeed Studio 1.6.2 | Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2008-10-03 | CVE-2008-4435 | Cross-Site Scripting vulnerability in Rmsoft Downloads Plus Module 1.5/1.7 | Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php. | 4.3 |