Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-03-02 CVE-2008-6361 Path Traversal vulnerability in Insun Podcast Feedcms 1.7.319Beta
Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter.
6.8
2009-03-02 CVE-2008-6360 Cross-Site Scripting vulnerability in Impresscms 1.0.2
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter.
network
impresscms CWE-79
4.3
2009-03-02 CVE-2008-6359 Cross-Site Scripting vulnerability in PHPf1 Max's Guestbook
Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.
network
phpf1 CWE-79
4.3
2009-03-02 CVE-2008-6357 Permissions, Privileges, and Access Controls vulnerability in Donnafontenot Mycal Personal Events Calendar
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.
network
low complexity
donnafontenot CWE-264
5.0
2009-03-02 CVE-2008-6356 Permissions, Privileges, and Access Controls vulnerability in Donnafontenot Evcal Events Calendar
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
network
low complexity
donnafontenot CWE-264
5.0
2009-03-02 CVE-2008-6355 Permissions, Privileges, and Access Controls vulnerability in Thenetguys Aspired2Protect
The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.
network
low complexity
thenetguys CWE-264
5.0
2009-03-02 CVE-2008-6354 Permissions, Privileges, and Access Controls vulnerability in Thenetguys Aspired2Poll
The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb.
network
low complexity
thenetguys CWE-264
5.0
2009-03-02 CVE-2008-6351 Cross-Site Scripting vulnerability in Turnkeyforms Local Classifieds
Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter.
4.3
2009-02-27 CVE-2009-0744 Improper Input Validation vulnerability in Apple Safari 4.0
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.
network
low complexity
apple CWE-20
5.0
2009-02-27 CVE-2008-6346 Cross-Site Scripting vulnerability in Dennis Royer DR Wiki
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3