Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2008-09-29 | CVE-2008-4323 | Denial-Of-Service vulnerability in Microsoft Windows XP SP3 | Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. | network, microsoft, 4.3 |
| 2008-09-29 | CVE-2008-4320 | Cross-Site Scripting vulnerability in Opennms.Org Opennms | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. | 4.3 |
| 2008-09-29 | CVE-2008-4319 | Improper Authentication vulnerability in Libra File Manager PHP Filemanager | fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | network, low complexity, libra-file-manager, CWE-287, 6.4 |
| 2008-09-29 | CVE-2008-4302 | Improper Locking vulnerability in multiple products | fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. | local, low complexity, linux debian redhat, CWE-667, 5.5 |
| 2008-09-29 | CVE-2008-4300 | Unspecified vulnerability in Microsoft Internet Information Services | A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. | network, low complexity, microsoft, 5.0 |
| 2008-09-29 | CVE-2008-4299 | Numeric Errors vulnerability in Microsoft Internet Authentication Service Helper COM Component | A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Component in iashlpr.dll allows remote attackers to cause a denial of service (browser crash) via a large integer value in the first argument to the PutProperty method. | network, low complexity, microsoft, CWE-189, 5.0 |
| 2008-09-29 | CVE-2008-4192 | Link Following vulnerability in Redhat Cman 2.20080629/2.20080801 | The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. | local, redhat, CWE-59, 6.9 |
| 2008-09-29 | CVE-2008-4120 | Cross-Site Scripting vulnerability in Flatpress 0.804 | Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php. | network, flatpress, CWE-79, 4.3 |
| 2008-09-29 | CVE-2008-3524 | Link Following vulnerability in Redhat Fedora and Initscripts | rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | local, redhat, CWE-59, 4.7 |
| 2008-09-27 | CVE-2008-4298 | Resource Management Errors vulnerability in Lighttpd | Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. | network, low complexity, lighttpd, CWE-399, 5.0 |