Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-09-18 CVE-2008-4118 Cross-Site Scripting vulnerability in High Norm Sound Master 2nd 1.0
Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
high-norm CWE-79
4.3
2008-09-18 CVE-2008-4098 Link Following vulnerability in multiple products
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory.
network
high complexity
canonical debian mysql oracle CWE-59
4.6
2008-09-18 CVE-2008-4097 Permissions, Privileges, and Access Controls vulnerability in Oracle MySQL 5.0.51a
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future.
network
high complexity
oracle CWE-264
4.6
2008-09-18 CVE-2008-3195 Path Traversal vulnerability in TWiki
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a ..
network
twiki CWE-22
6.8
2008-09-16 CVE-2008-4115 Information Exposure vulnerability in TalkBack 2.3.6
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
network
low complexity
talkback CWE-200
5.0
2008-09-16 CVE-2008-3950 Numeric Errors vulnerability in Apple iPhone, iPod touch and Safari
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
network
low complexity
apple CWE-189
5.0
2008-09-16 CVE-2008-3622 Cross-Site Scripting vulnerability in Apple Mac OS X and Mac OS X Server
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."
network
apple CWE-79
4.3
2008-09-16 CVE-2008-3617 Credentials Management vulnerability in Apple Mac OS X and Mac OS X Server
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.
network
low complexity
apple CWE-255
5.0
2008-09-16 CVE-2008-3613 Resource Management Errors vulnerability in Apple Mac OS X 10.5.2/10.5.3/10.5.4
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.
low complexity
apple CWE-399
6.1
2008-09-16 CVE-2008-3611 Improper Authentication vulnerability in Apple Mac OS X and Mac OS X Server
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
local
apple CWE-287
6.3