Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-04 | CVE-2009-0805 | Cross-Site Scripting vulnerability in Mihai Bazon Pical: Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. | 4.3 |
2009-03-04 | CVE-2008-6398 | Link Following vulnerability in Eric Raymond SNG 1.0.2: sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. | 6.9 |
2009-03-04 | CVE-2008-6397 | Link Following vulnerability in Alcovebook Sgml2X 1.0.0: rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.4 |
2009-03-04 | CVE-2008-6396 | Cross-Site Scripting vulnerability in Celerondude Uploader 6.1: Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2009-03-04 | CVE-2009-0804 | Permissions, Privileges, and Access Controls vulnerability in Ziproxy 2.6.0: Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0803 | Permissions, Privileges, and Access Controls vulnerability in Smoothwall Networkguardian, Schoolguardian and Smoothguardian: SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0802 | Permissions, Privileges, and Access Controls vulnerability in Qbik Wingate: Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0801 | Permissions, Privileges, and Access Controls vulnerability in Squid web Proxy Cache: Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0780 | Remote Denial of Service vulnerability in OpenBSD bgpd: The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path. | 5.0 |
2009-03-03 | CVE-2009-0759 | Code Injection vulnerability in ZNC: Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors. | 6.5 |