Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-22 | CVE-2008-4160 | Resource Management Errors vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation. | 4.7 |
| 2008-09-22 | CVE-2008-4170 | Information Exposure vulnerability in Oscommerce 2.2 create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message. | 5.0 |
| 2008-09-22 | CVE-2008-4168 | Cross-Site Scripting vulnerability in Pro2Col Stingray FTS Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field). | 4.3 |
| 2008-09-22 | CVE-2008-4167 | Improper Authentication vulnerability in Ezphotogallery 2.1 useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account. | 6.4 |
| 2008-09-22 | CVE-2008-4166 | Numeric Errors vulnerability in Avantbrowser Avant Browser Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character. | 4.3 |
| 2008-09-22 | CVE-2008-4165 | Cryptographic Issues vulnerability in Kolab Groupware Server 1.0.0 admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string. | 4.0 |
| 2008-09-22 | CVE-2008-4158 | Path Traversal vulnerability in Zanfi Solutions Zanfi CMS Lite 1.2 Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2008-09-19 | CVE-2008-4156 | SQL Injection vulnerability in Customcms Gaming Portal 4.0 SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
| 2008-09-19 | CVE-2008-4133 | Improper Input Validation vulnerability in D-Link Dir-100 1.02/1.12 The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. | 4.3 |
| 2008-09-18 | CVE-2008-4130 | Cross-Site Scripting vulnerability in Gallery Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page." | 4.3 |