Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-11 | CVE-2008-4049 | Improper Input Validation vulnerability in Friendly Technologies Friendly Pppoe Client 3.0.0.57. A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. | 6.8 |
2008-09-11 | CVE-2008-4048 | Buffer Errors vulnerability in Friendly Technologies Friendly Pppoe Client 3.0.0.57. Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method. | 6.8 |
2008-09-11 | CVE-2008-4045 | Cross-Site Scripting vulnerability in @Mail 5.42. Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php. | 4.3 |
2008-09-11 | CVE-2008-4041 | Improper Input Validation vulnerability in Softalk Mail Server Softalk Mail Server 8.5.1.431. The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters. | 4.0 |
2008-09-11 | CVE-2008-3972 | Permissions, Privileges, and Access Controls vulnerability in Opensc-Project Opensc. pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. | 6.6 |
2008-09-11 | CVE-2008-3969 | Permissions, Privileges, and Access Controls vulnerability in Bitlbee. Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. | 5.0 |
2008-09-11 | CVE-2008-3968 | Cross-Site Scripting vulnerability in Punbb. Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 4.3 |
2008-09-11 | CVE-2008-3966 | Cross-Site Scripting vulnerability in Mybb. Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | 4.3 |
2008-09-11 | CVE-2008-3964 | Off-by-one Error vulnerability in Libpng. Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. | 4.3 |
2008-09-11 | CVE-2008-3963 | Use of Externally-Controlled Format String vulnerability in multiple products. MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. | 4.0 |