Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-09-16 | CVE-2008-2331 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server | Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. | 5.0 |
2008-09-16 | CVE-2008-2330 | Information Exposure vulnerability in Apple Mac OS X Server | slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | 4.9 |
2008-09-16 | CVE-2008-2312 | Credentials Management vulnerability in Apple Mac OS X and Mac OS X Server | Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | 4.9 |
2008-09-15 | CVE-2008-4093 | SQL Injection vulnerability in Yourownbux 3.1/3.2 | SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | 6.8 |
2008-09-15 | CVE-2008-4091 | SQL Injection vulnerability in Source Workshop web Directory Script 1.5.3 | SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | 6.8 |
2008-09-15 | CVE-2008-4089 | Cross-Site Scripting vulnerability in Myphpnuke 1.8.87/1.8.88 | Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | 4.3 |
2008-09-15 | CVE-2008-4087 | Buffer Errors vulnerability in Acoustica Beatcraft 1.02 | Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field. | 6.8 |
2008-09-15 | CVE-2008-4085 | Link Following vulnerability in Stephenjungels Plait | plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/. | 4.4 |
2008-09-15 | CVE-2008-4084 | SQL Injection vulnerability in Myiosoft Easyclassifields 3.0 | SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. | 6.8 |
2008-09-15 | CVE-2008-4082 | SQL Injection vulnerability in Brim-Project Brim 2.0.0 | SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php. | 4.6 |