Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-24 | CVE-2008-4151 | Path Traversal vulnerability in Cyask 3 Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2008-09-24 | CVE-2008-4149 | Cross-Site Scripting vulnerability in Drupal Link TO US 5.X1.Xdev Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field. | 4.3 |
| 2008-09-24 | CVE-2008-4147 | Cross-Site Scripting vulnerability in Drupal Mailsave Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type. | 4.3 |
| 2008-09-24 | CVE-2008-4146 | Improper Authentication vulnerability in Addalink Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. | 5.0 |
| 2008-09-24 | CVE-2008-4145 | SQL Injection vulnerability in Addalink SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | 6.8 |
| 2008-09-24 | CVE-2008-4140 | Cross-Site Scripting vulnerability in Opensolution Quick.Cart 3.1 Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2008-09-24 | CVE-2008-4136 | Improper Input Validation vulnerability in Michael Roth Software Pftp 6.0F Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames. | 5.0 |
| 2008-09-23 | CVE-2008-4187 | Path Traversal vulnerability in Proactive CMS Proactive CMS Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. | 4.3 |
| 2008-09-23 | CVE-2008-4184 | Cross-Site Scripting vulnerability in Webcms Portal Edition Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. | 4.3 |
| 2008-09-23 | CVE-2008-4183 | Information Exposure vulnerability in Integramod 1.4 IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename. | 5.0 |