Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-10-03 CVE-2008-4432 Cross-Site Scripting vulnerability in Rmsoft Minishop Module 1.0
Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.
network
rmsoft xoops CWE-79
4.3
2008-10-03 CVE-2008-4426 Cross-Site Scripting vulnerability in Phlatline Personal Information Manager 1.0
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
network
phlatline CWE-79
4.3
2008-10-03 CVE-2008-4424 Cross-Site Scripting vulnerability in Domain Group Network Goocms 1.02
Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action.
4.3
2008-10-03 CVE-2008-4423 SQL Injection vulnerability in Ovidentia 6.6.5
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
network
low complexity
ovidentia CWE-89
6.5
2008-10-03 CVE-2008-4409 Resource Management Errors vulnerability in Xmlsoft Libxml2 2.7.0/2.7.1
libxml2 2.7.0 and 2.7.1 do not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
network
low complexity
xmlsoft CWE-399
5.0
2008-10-03 CVE-2008-4408 Cross-Site Scripting vulnerability in Mediawiki 1.12.0/1.13.1
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
network
mediawiki CWE-79
4.3
2008-10-03 CVE-2008-4403 Resource Management Errors vulnerability in Trend Micro Officescan 8.0
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."
network
low complexity
trend-micro CWE-399
5.0
2008-10-03 CVE-2008-3825 Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program.
local
redhat CWE-264
4.4
2008-10-03 CVE-2008-2439 Path Traversal vulnerability in Trend Micro Officescan and Worry Free Business Security
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request.
network
low complexity
trend-micro CWE-22
5.0
2008-10-03 CVE-2008-2236 Cross-Site Scripting vulnerability in Blosxom
Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable).
network
blosxom CWE-79
4.3