Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-26 | CVE-2009-0507 | Configuration vulnerability in IBM Websphere Process Server 6.1.2/6.1.2.1: IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member. | 4.0 |
2009-02-26 | CVE-2009-0114 | Remote Security vulnerability in Flash Player: Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." | 5.8 |
2009-02-26 | CVE-2008-6298 | Improper Input Validation vulnerability in Rocketeer.Dip Sisapilocation 1.0.1.3/1.0.1.4: Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function." | 5.0 |
2009-02-26 | CVE-2008-6297 | Cross-Site Scripting vulnerability in Dhcart 3.84: Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters. | 4.3 |
2009-02-26 | CVE-2008-6295 | Cross-Site Scripting vulnerability in Camera Life Camera Life 2.6.2B8: Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST_URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST_URI to (8) index.php. | 4.3 |
2009-02-26 | CVE-2008-6290 | Path Traversal vulnerability in Niclor Include Sito: Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. | 6.8 |
2009-02-26 | CVE-2008-5263 | Buffer Errors vulnerability in Dmitry Baryshev Ksquirrel-Libs 0.8.0: Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file). | 6.8 |
2009-02-25 | CVE-2008-6283 | Cross-Site Scripting vulnerability in Subtextproject Subtext 2.0: Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags." | 4.3 |
2009-02-25 | CVE-2008-6282 | SQL Injection vulnerability in Ortus.Nirn CMS Ortus 1.10.1/1.11/1.12: SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. | 6.5 |
2009-02-25 | CVE-2008-6280 | Cross-Site Scripting vulnerability in Cisco Wrt160N: Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. | 4.3 |