Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-25 | CVE-2008-4242 | Cross-Site Request Forgery (CSRF) vulnerability in ProFTPD 1.3.1. ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | 6.8 |
2008-09-24 | CVE-2008-4069 | Information Exposure vulnerability in Mozilla Firefox and SeaMonkey. The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. | 5.0 |
2008-09-24 | CVE-2008-4067 | Path Traversal vulnerability in multiple Mozilla products. Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) | 4.3 |
2008-09-24 | CVE-2008-4066 | Cross-Site Scripting vulnerability in Mozilla Firefox 2.0.0.14/2.0.0.15/2.0.0.16. Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav[escaped low surrogate]ascript" sequence, aka "HTML escaped low surrogates bug." | 4.3 |
2008-09-24 | CVE-2008-4065 | Cross-Site Scripting vulnerability in multiple Mozilla products. Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." | 4.3 |
2008-09-24 | CVE-2008-4207 | Information Exposure vulnerability in Attachmax Dolphin 2.1.0. Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request that invokes the phpinfo function. | 5.0 |
2008-09-24 | CVE-2008-3663 | Cryptographic Issues vulnerability in SquirrelMail 1.4.15. SquirrelMail 1.4.15 does not set the Secure flag on the session cookie in an HTTPS session, so the browser also sends the cookie in plain HTTP requests, which makes it easier for remote attackers to capture it. | 5.0 |
2008-09-24 | CVE-2008-3098 | Cross-Site Scripting vulnerability in fuzzylime (cms). Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter of the login form. | 4.3 |
2008-09-24 | CVE-2008-4194 | Resource Management Errors vulnerability in pdnsd. The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug." | 5.0 |
2008-09-24 | CVE-2008-4191 | Link Following vulnerability in Emacspeak 26.0/28.0. extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file. | 6.6 |
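The SquirrelMail entry above (CVE-2008-3663) is an instance of a check that is easy to automate: a cookie issued over HTTPS without the Secure attribute will also be sent by the browser on plain HTTP requests to the same host. The script below is an added example, not SquirrelMail code or anything from this listing; the Set-Cookie values it inspects are constructed samples and the cookie names are placeholders. It reports the cookies that lack the flag and shows how to re-emit a header value with the flag set.

```python
"""Flag session cookies issued over HTTPS without the Secure attribute.

Added example (not SquirrelMail code). The vulnerable pattern in
CVE-2008-3663 is a session cookie set in an HTTPS session without
"Secure", so the browser also sends it over plain HTTP where it can be
captured on the wire.
"""
from http.cookies import SimpleCookie

# Constructed sample response headers (not captured from any real server).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SQMSESSID=7f3b1c2d9e; path=/"),          # missing Secure
    ("Set-Cookie", "key=abc123; path=/; secure; HttpOnly"),  # fine
    ("Set-Cookie", "lang=en; path=/; Secure"),               # fine
]


def insecure_cookies(headers, over_https=True):
    """Return the names of cookies set without the Secure attribute.

    `headers` is a list of (name, value) pairs from the response. The check
    only makes sense for a response fetched over HTTPS: a cookie set over
    plain HTTP is exposed on the wire regardless of the flag.
    """
    if not over_https:
        return []
    missing = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            # Morsel stores "" for an absent flag and True for a present one.
            if not morsel["secure"]:
                missing.append(cookie_name)
    return missing


def with_secure_flag(set_cookie_value):
    """Return the Set-Cookie value with the Secure attribute added.

    One Set-Cookie header carries exactly one cookie; anything else is
    treated as malformed.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    if len(jar) != 1:
        raise ValueError("expected exactly one cookie in a Set-Cookie value")
    (morsel,) = jar.values()
    morsel["secure"] = True
    return morsel.OutputString()


if __name__ == "__main__":
    for name in insecure_cookies(SAMPLE_HEADERS):
        print("cookie without Secure flag:", name)
    print(with_secure_flag("SQMSESSID=7f3b1c2d9e; path=/"))
```

The fix on the server side is the same idea in whatever the application's cookie API is: set the Secure attribute whenever the session is served over HTTPS, and keep HttpOnly on it as well so script injection cannot read it either.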
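The Emacspeak entry (CVE-2008-4191) describes the classic local symlink attack on a predictably named temporary file: the attacker plants a symlink at the path the victim's script will write, and the victim's write lands on the link target. The script below is an added example, not Emacspeak code; it reproduces the attack inside a private directory against a deliberately unsafe writer and shows that a writer opened with O_CREAT|O_EXCL|O_NOFOLLOW refuses the planted link. The names victim and extract-table.csv are placeholders chosen for the demonstration.

```python
"""Symlink attack on a predictable temporary file, and the open() flags that stop it.

Added example (not Emacspeak code). Demonstrates the vulnerability class of
CVE-2008-4191: a script writes a fixed temp path, a local attacker
pre-creates that path as a symlink to a file the script's user can write.
"""
import os
import tempfile


def unsafe_write(path, data):
    # Fixed, predictable path opened with a plain open(): if the path is
    # already a symlink, the write follows it to the target (this is the bug).
    with open(path, "w") as f:
        f.write(data)


def safe_write(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if anything already exists at the path,
    # including a symlink; O_NOFOLLOW additionally refuses to traverse a
    # symlink in the final component. The 0o600 mode keeps the file private.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def demo():
    """Run the attack against both writers.

    Returns (unsafe_overwrote_target, safe_refused, final_target_contents).
    """
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")      # stands in for a file the user owns
        link = os.path.join(d, "extract-table.csv")  # the predictable temp path

        with open(victim, "w") as f:
            f.write("original")
        os.symlink(victim, link)                # attacker plants the link first

        unsafe_write(link, "attacker-controlled")
        with open(victim) as f:
            unsafe_overwrote = f.read() == "attacker-controlled"

        with open(victim, "w") as f:            # restore the target for round two
            f.write("original")
        try:
            safe_write(link, "attacker-controlled")
            safe_refused = False
        except FileExistsError:
            safe_refused = True

        with open(victim) as f:
            return unsafe_overwrote, safe_refused, f.read()


if __name__ == "__main__":
    overwrote, refused, contents = demo()
    print("plain open() followed the symlink:", overwrote)
    print("O_EXCL|O_NOFOLLOW open refused it:", refused)
    print("target now contains:", contents)
```

In practice a script should not pick the name at all: tempfile.mkstemp (or mkstemp(3) in C, or File::Temp in Perl) creates an unpredictable name with these same exclusive flags, which also removes the race between checking for the file and creating it.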