Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-27 | CVE-2008-6317 | Path Traversal vulnerability in PHPmygallery 1.5: Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-02-27 | CVE-2008-6316 | Path Traversal vulnerability in PHPmygallery 1.0: Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-02-27 | CVE-2008-6313 | Path Traversal vulnerability in PHPaddedit 1.3: Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. | 6.8 |
2009-02-27 | CVE-2008-6308 | Path Traversal vulnerability in Punbb Private Messaging System 1.2.0/1.2.1/1.2.2: Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. | 5.1 |
2009-02-26 | CVE-2008-6306 | Cross-Site Scripting vulnerability in Softbizscripts Classifieds Script: Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2009-02-26 | CVE-2008-6305 | Code Injection vulnerability in Freedirectoryscript Free Directory Script 1.1.1: PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter. | 6.8 |
2009-02-26 | CVE-2009-0624 | Remote vulnerability in Multiple Cisco ACE Products: Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet. | 6.8 |
2009-02-26 | CVE-2009-0524 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server: Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp. | 4.3 |
2009-02-26 | CVE-2009-0523 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server: Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. | 4.3 |
2009-02-26 | CVE-2009-0522 | Remote Security vulnerability in Flash Player: Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Per: http://www.adobe.com/support/security/bulletins/apsb09-01.html "This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. | 4.3 |