Vulnerabilities > Medium

Columns: DATE | CVE | VULNERABILITY TITLE | RISK (score). Each entry is followed by its description, access vector, access complexity (where listed), vendor and CWE.

2008-09-23 | CVE-2008-3519 | Configuration vulnerability in Redhat Jboss Enterprise Application Platform 4.2/4.3 | Risk: 4.3
  Description: The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.
  Access vector: network
  Vendor: redhat
  CWE: CWE-16

2008-09-22 | CVE-2008-4162 | Link Following vulnerability in Nooms 1.1 | Risk: 4.3
  Description: Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter.
  Access vector: network
  Vendor: nooms
  CWE: CWE-59

2008-09-22 | CVE-2008-4161 | SQL Injection vulnerability in Assetman 2.5B | Risk: 6.8
  Description: SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.
  Access vector: network
  Vendor: assetman
  CWE: CWE-89

2008-09-22 | CVE-2008-4160 | Resource Management Errors vulnerability in SUN Opensolaris and Solaris | Risk: 4.7
  Description: Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.
  Access vector: local
  Vendor: sun
  CWE: CWE-399

2008-09-22 | CVE-2008-4170 | Information Exposure vulnerability in Oscommerce 2.2 | Risk: 5.0
  Description: create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.
  Access vector: network
  Access complexity: low
  Vendor: oscommerce
  CWE: CWE-200

2008-09-22 | CVE-2008-4168 | Cross-Site Scripting vulnerability in Pro2Col Stingray FTS | Risk: 4.3
  Description: Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field).
  Access vector: network
  Vendor: pro2col
  CWE: CWE-79

2008-09-22 | CVE-2008-4167 | Improper Authentication vulnerability in Ezphotogallery 2.1 | Risk: 6.4
  Description: useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
  Access vector: network
  Access complexity: low
  Vendor: ezphotogallery
  CWE: CWE-287

2008-09-22 | CVE-2008-4166 | Numeric Errors vulnerability in Avantbrowser Avant Browser | Risk: 4.3
  Description: Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character.

2008-09-22 | CVE-2008-4165 | Cryptographic Issues vulnerability in Kolab Groupware Server 1.0.0 | Risk: 4.0
  Description: admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.
  Access vector: network
  Access complexity: low
  Vendor: kolab
  CWE: CWE-310

2008-09-22 | CVE-2008-4158 | Path Traversal vulnerability in Zanfi Solutions Zanfi CMS Lite 1.2 | Risk: 6.8
  Description: Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a ..