Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-10-02 CVE-2008-4382 Resource Management Errors vulnerability in KDE Konqueror 3.5.9
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
network
low complexity
kde CWE-399
5.0
2008-10-02 CVE-2008-4381 Resource Management Errors vulnerability in Microsoft Internet Explorer 5/6/7
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
network
low complexity
microsoft CWE-399
5.0
2008-10-01 CVE-2008-4379 SQL Injection vulnerability in MR. CGI GUY HOT Links SQL PHP
Cross-site scripting (XSS) vulnerability in report.php in Mr.
network
mr-cgi-guy CWE-89
4.3
2008-10-01 CVE-2008-4372 Cross-Site Scripting vulnerability in Availscript Article Script
Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.
4.3
2008-10-01 CVE-2008-4370 Cross-Site Scripting vulnerability in Availscript Photo Album
Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
4.3
2008-10-01 CVE-2008-4368 Cryptographic Issues vulnerability in Apple Mac OS X 10.5.4/10.5.5
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.
network
low complexity
apple CWE-310
5.0
2008-09-30 CVE-2008-4366 Improper Input Validation vulnerability in Camera Life Camera Life 2.6.2B4
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload.
network
low complexity
camera-life CWE-20
6.5
2008-09-30 CVE-2008-4365 Cross-Site Scripting vulnerability in Siteman 1.1.1/1.1.10/1.1.9
Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
siteman CWE-79
4.3
2008-09-30 CVE-2008-4362 Resource Management Errors vulnerability in Deslock 3.2.7
The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0.
local
low complexity
deslock CWE-399
4.9
2008-09-30 CVE-2008-4349 Cross-Site Scripting vulnerability in S0Nic Paranews 3.4
Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action.
network
s0nic CWE-79
4.3