Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-06 | CVE-2009-0761 | Cross-Site Scripting vulnerability in Team5.Team Board products: Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter. | 4.3 |
2009-03-06 | CVE-2009-0760 | Permissions, Privileges, and Access Controls vulnerability in Team5 Team Board 1.0.0/2.0.0: Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb. | 5.0 |
2009-03-05 | CVE-2009-0831 | SQL Injection vulnerability in PHP-Fusion Members CV Module 1.0: SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. | 6.0 |
2009-03-05 | CVE-2009-0830 | Cross-Site Scripting vulnerability in Andrew Freed Quotebook: Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. | 4.3 |
2009-03-05 | CVE-2009-0828 | Permissions, Privileges, and Access Controls vulnerability in Freedville Quotebook: QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request. | 5.0 |
2009-03-05 | CVE-2009-0827 | Permissions, Privileges, and Access Controls vulnerability in Freedville Pollhelper: PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | 5.0 |
2009-03-05 | CVE-2009-0826 | Permissions, Privileges, and Access Controls vulnerability in Freedville Bloghelper: BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | 5.0 |
2009-03-05 | CVE-2008-6400 | Cross-Site Scripting vulnerability in Refbase: Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. | 4.3 |
2009-03-05 | CVE-2008-6399 | Permissions, Privileges, and Access Controls vulnerability in Dotnetnuke: Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. | 6.4 |
2009-03-05 | CVE-2009-0821 | Resource Management Errors vulnerability in Mozilla Firefox: Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. | 5.0 |