Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-08-27 | CVE-2008-3746 | Denial Of Service vulnerability in Webdav Neon 0.28.0/0.28.1/0.28.2: neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. | 4.3 |
2008-08-27 | CVE-2008-3745 | Permissions, Privileges, and Access Controls vulnerability in Drupal and Upload Module: The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. | 5.5 |
2008-08-27 | CVE-2008-3744 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal: Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | 5.8 |
2008-08-27 | CVE-2008-3743 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal: Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | 5.8 |
2008-08-27 | CVE-2008-3742 | Permissions, Privileges, and Access Controls vulnerability in Drupal: Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. | 6.5 |
2008-08-27 | CVE-2008-3740 | Cross-Site Scripting vulnerability in Drupal: Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-08-26 | CVE-2008-3794 | Numeric Errors vulnerability in Videolan VLC Media Player 0.8.6i: Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow. | 6.8 |
2008-08-26 | CVE-2008-3788 | SQL Injection vulnerability in Picturespro Photo Cart 3.9: Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php. | 6.8 |
2008-08-26 | CVE-2008-3786 | Cross-Site Scripting vulnerability in Picturespro Photo Cart 3.9: Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action. | 4.3 |
2008-08-26 | CVE-2008-3783 | SQL Injection vulnerability in Matterdaddy Market 1.1: Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters. | 6.8 |