Medium-risk vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Vendor | CWE | Risk (CVSS) |
|---|---|---|---|---|---|---|---|
| 2008-09-02 | CVE-2008-3887 | SQL Injection vulnerability in Dotproject 2.1.2 | Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action. | network | dotproject | CWE-89 | 6.0 |
| 2008-09-02 | CVE-2008-3886 | Cross-Site Scripting vulnerability in Dotproject 2.1.2 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action. | network | dotproject | CWE-79 | 4.3 |
| 2008-09-02 | CVE-2008-3885 | Cross-Site Request Forgery (CSRF) vulnerability in Blogn 1.9.3 | Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications. | network | blogn | CWE-352 | 6.8 |
| 2008-09-02 | CVE-2008-3884 | Cross-Site Scripting vulnerability in Blogn | Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2006-6176. | network | blogn | CWE-79 | 4.3 |
| 2008-09-02 | CVE-2008-3881 | Cross-Site Scripting vulnerability in Zoneminder | Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files. | network | zoneminder | CWE-79 | 4.3 |
| 2008-08-29 | CVE-2008-2929 | Cross-Site Scripting vulnerability in multiple products | Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping. | network | fedora, redhat | CWE-79 | 4.3 |
| 2008-08-29 | CVE-2008-3873 | Unspecified vulnerability in Adobe Flash Player | The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008. | network | adobe | (none listed) | 4.3 |
| 2008-08-29 | CVE-2008-3860 | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1 | Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. | network | ibm, microsoft | CWE-79 | 4.3 |
| 2008-08-29 | CVE-2008-3859 | Credentials Management vulnerability in Davlin Thickbox Gallery 2 | Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php. | network, low complexity | davlin | CWE-255 | 5.0 |
| 2008-08-28 | CVE-2008-3858 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1 | The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. | network | ibm | CWE-264 | 4.3 |