Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
---|---|---|---|
2008-09-24 | CVE-2008-4066 | Cross-Site Scripting vulnerability in Mozilla Firefox 2.0.0.14/2.0.0.15/2.0.0.16: Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug." | 4.3 |
2008-09-24 | CVE-2008-4065 | Cross-Site Scripting vulnerability in multiple products: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." | 4.3 |
2008-09-24 | CVE-2008-4207 | Information Exposure vulnerability in Attachmax Dolphin 2.1.0: Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. | 5.0 |
2008-09-24 | CVE-2008-3663 | Cryptographic Issues vulnerability in Squirrelmail 1.4.15: Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
2008-09-24 | CVE-2008-3098 | Cross-Site Scripting vulnerability in Fuzzylime CMS: Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form. | 4.3 |
2008-09-24 | CVE-2008-4194 | Resource Management Errors vulnerability in Pdnsd: The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug." | 5.0 |
2008-09-24 | CVE-2008-4191 | Link Following vulnerability in Emacspeak INC Emacspeak 26.0/28.0: extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file. | 6.6 |
2008-09-24 | CVE-2008-4190 | Link Following vulnerability in multiple products: The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. | 4.4 |
2008-09-24 | CVE-2008-3102 | Cryptographic Issues vulnerability in Mantisbt: Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
2008-09-24 | CVE-2008-4153 | Permissions, Privileges, and Access Controls vulnerability in Drupal Talk: The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information. | 5.0 |