Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-09-23 CVE-2008-4187 Path Traversal vulnerability in Proactive CMS Proactive CMS
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a ..
Risk: 4.3

2008-09-23 CVE-2008-4184 Cross-Site Scripting vulnerability in Webcms Portal Edition
Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter.
network | webcms | CWE-79
Risk: 4.3

2008-09-23 CVE-2008-4183 Information Exposure vulnerability in Integramod 1.4
IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename.
network | low complexity | integramod | CWE-200
Risk: 5.0

2008-09-23 CVE-2008-4182 Cross-Site Scripting vulnerability in Horde Turba Contact Manager H3 2.2.1/3.1.1/3.2.2
Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.
network | horde | CWE-79
Risk: 4.3

2008-09-23 CVE-2008-4181 Path Traversal vulnerability in Netenberg Fantastico DE Luxe
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a ..
network | netenberg | CWE-22
Risk: 6.8

2008-09-23 CVE-2008-4180 Information Exposure vulnerability in Nooms 1.1
Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability."
network | low complexity | nooms | CWE-200
Risk: 5.0

2008-09-23 CVE-2008-4179 Cross-Site Scripting vulnerability in Nooms 1.1
Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.
network | nooms | CWE-79
Risk: 4.3

2008-09-23 CVE-2008-4175 SQL Injection vulnerability in Linkbidscript 1.5
Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.
network | low complexity | linkbidscript | CWE-89
Risk: 6.5

2008-09-23 CVE-2008-4174 Cross-Site Scripting vulnerability in Benjamin KUZ Dynamic MP3 Lister 2.0.1
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.
Risk: 4.3

2008-09-23 CVE-2008-3661 Cryptographic Issues vulnerability in Drupal
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
network | low complexity | drupal | CWE-310
Risk: 5.0