Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-06 | CVE-2009-0769 | Resource Management Errors vulnerability in QIP 2005: QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an `{\rtf\pict\&&}` message. | 4.3 |
2009-03-06 | CVE-2009-0767 | Permissions, Privileges, and Access Controls vulnerability in Bookelves Kipper 2.01: Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data. | 5.0 |
2009-03-06 | CVE-2009-0764 | Cross-Site Scripting vulnerability in Bookelves Kipper 2.01: Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. | 4.3 |
2009-03-06 | CVE-2009-0763 | Cross-Site Scripting vulnerability in Bookelves Kipper 2.01: Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter. | 4.3 |
2009-03-06 | CVE-2009-0762 | Cross-Site Scripting vulnerability in Scriptsez EZ PHP Comment: Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.3 |
2009-03-06 | CVE-2009-0761 | Cross-Site Scripting vulnerability in Team5.Team Board products: Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter. | 4.3 |
2009-03-06 | CVE-2009-0760 | Permissions, Privileges, and Access Controls vulnerability in Team5 Team Board 1.0.0/2.0.0: Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb. | 5.0 |
2009-03-05 | CVE-2009-0831 | SQL Injection vulnerability in PHP-Fusion Members CV Module 1.0: SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. | 6.0 |
2009-03-05 | CVE-2009-0830 | Cross-Site Scripting vulnerability in Andrew Freed Quotebook: Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. | 4.3 |
2009-03-05 | CVE-2009-0828 | Permissions, Privileges, and Access Controls vulnerability in Freedville Quotebook: QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request. | 5.0 |