Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-09-23 | CVE-2008-4182 | Cross-Site Scripting vulnerability in Horde Turba Contact Manager H3 2.2.1/3.1.1/3.2.2 | Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session. | 4.3 |
2008-09-23 | CVE-2008-4181 | Path Traversal vulnerability in Netenberg Fantastico DE Luxe | Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. | 6.8 |
2008-09-23 | CVE-2008-4180 | Information Exposure vulnerability in Nooms 1.1 | Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability." | 5.0 |
2008-09-23 | CVE-2008-4179 | Cross-Site Scripting vulnerability in Nooms 1.1 | Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php. | 4.3 |
2008-09-23 | CVE-2008-4175 | SQL Injection vulnerability in Linkbidscript 1.5 | Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php. | 6.5 |
2008-09-23 | CVE-2008-4174 | Cross-Site Scripting vulnerability in Benjamin KUZ Dynamic MP3 Lister 2.0.1 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters. | 4.3 |
2008-09-23 | CVE-2008-3661 | Cryptographic Issues vulnerability in Drupal | Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
2008-09-23 | CVE-2008-3519 | Configuration vulnerability in Redhat Jboss Enterprise Application Platform 4.2/4.3 | The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. | 4.3 |
2008-09-22 | CVE-2008-4162 | Link Following vulnerability in Nooms 1.1 | Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter. | 4.3 |
2008-09-22 | CVE-2008-4161 | SQL Injection vulnerability in Assetman 2.5B | SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action. | 6.8 |