Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2009-03-05 | CVE-2009-0827 | Permissions, Privileges, and Access Controls vulnerability in Freedville Pollhelper | PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | network, low complexity, freedville, CWE-264 | 5.0 |
| 2009-03-05 | CVE-2009-0826 | Permissions, Privileges, and Access Controls vulnerability in Freedville Bloghelper | BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | network, low complexity, freedville, CWE-264 | 5.0 |
| 2009-03-05 | CVE-2008-6400 | Cross-Site Scripting vulnerability in Refbase | Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. | network, refbase, CWE-79 | 4.3 |
| 2009-03-05 | CVE-2008-6399 | Permissions, Privileges, and Access Controls vulnerability in Dotnetnuke | Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. | network, low complexity, dotnetnuke, CWE-264 | 6.4 |
| 2009-03-05 | CVE-2009-0821 | Resource Management Errors vulnerability in Mozilla Firefox | Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. | network, low complexity, mozilla, CWE-399 | 5.0 |
| 2009-03-05 | CVE-2009-0819 | Remote Denial Of Service vulnerability in MySQL XPath Expression | sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. | network, low complexity, mysql, oracle | 4.0 |
| 2009-03-05 | CVE-2009-0816 | Cross-Site Scripting vulnerability in Typo3 | Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. | network, typo3, CWE-79 | 4.3 |
| 2009-03-05 | CVE-2009-0815 | Information Exposure vulnerability in Typo3 | The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request. | network, low complexity, typo3, CWE-200 | 5.0 |
| 2009-03-05 | CVE-2009-0814 | Cross-Site Scripting vulnerability in Blogsa | Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | network, blogsa, CWE-79 | 4.3 |
| 2009-03-05 | CVE-2009-0777 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | network, mozilla, CWE-20 | 5.8 |