Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2008-09-15 | CVE-2008-4080 | SQL Injection vulnerability in Stash 1.0.3 | 6.8
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php.
network, stash, CWE-89

2008-09-15 | CVE-2008-4079 | Cross-Site Scripting vulnerability in SIX Apart Movable Type | 4.3
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, six-apart, CWE-79

2008-09-15 | CVE-2008-4076 | Cross-Site Scripting vulnerability in TOR World products | 4.3
Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.
network, tor-world, CWE-79

2008-09-15 | CVE-2008-4075 | Path Traversal vulnerability in Dino D-Iscussion Board 3.01 | 6.8
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a ..
network, dino, CWE-22

2008-09-15 | CVE-2008-4071 | Improper Input Validation vulnerability in Adobe Acrobat 9 | 5.0
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.
network, low complexity, adobe, microsoft, CWE-20

2008-09-12 | CVE-2008-3824 | Cross-Site Scripting vulnerability in multiple products | 4.3
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
network, horde, popoon, CWE-79

2008-09-12 | CVE-2008-3823 | Cross-Site Scripting vulnerability in Horde 3.2/3.2.1 | 4.3
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
network, horde, CWE-79

2008-09-11 | CVE-2008-4056 | Cross-Site Scripting vulnerability in Matterdaddy Market 1.1 | 4.3
Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

2008-09-11 | CVE-2008-4053 | Cross-Site Scripting vulnerability in Bluemoon Popnupblog 3.20/3.30 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters.

2008-09-11 | CVE-2008-4051 | Cross-Site Scripting vulnerability in Jandus Technologies Smart Survey 1.0 | 4.3
Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.