Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-02 | CVE-2008-6386 | Cross-Site Scripting vulnerability in 1Scripts Z1Exchange 1.0 Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2009-03-02 | CVE-2008-6385 | Cross-Site Scripting vulnerability in W3Matter Revsense 1.0 Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | 4.3 |
| 2009-03-02 | CVE-2008-6384 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Comment Mail 5.X0.1/5.X1.0/5.X1.X Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | 6.8 |
| 2009-03-02 | CVE-2008-6383 | SQL Injection vulnerability in Drupal Storm SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
| 2009-03-02 | CVE-2008-6382 | Permissions, Privileges, and Access Controls vulnerability in Aspportal 3.2.5 ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | 5.0 |
| 2009-03-02 | CVE-2008-6381 | SQL Injection vulnerability in Bcoos SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. | 4.6 |
| 2009-03-02 | CVE-2008-6375 | Permissions, Privileges, and Access Controls vulnerability in Nexusjnr Jbook JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | 5.0 |
| 2009-03-02 | CVE-2008-6374 | Permissions, Privileges, and Access Controls vulnerability in Codefixer Mailinglistpro CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. | 5.0 |
| 2009-03-02 | CVE-2008-6373 | Code Injection vulnerability in Nagios Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." | 5.0 |
| 2009-03-02 | CVE-2008-6370 | Cross-Site Scripting vulnerability in Ocean12Tech Contact Manager PRO 1.02 Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter. | 4.3 |