Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-21 | CVE-2008-3761 | Improper Input Validation vulnerability in VMWare Workstation 6.0.0.45731 hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request. | 4.9 |
| 2008-08-21 | CVE-2008-3760 | Cross-Site Request Forgery (CSRF) vulnerability in Lussumo Vanilla Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php. | 4.3 |
| 2008-08-21 | CVE-2008-3758 | Cross-Site Scripting vulnerability in Lussumo Vanilla Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. | 4.3 |
| 2008-08-20 | CVE-2008-3735 | Cross-Site Scripting vulnerability in PHPizabi 0.848B Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action. | 4.3 |
| 2008-08-20 | CVE-2008-3731 | Remote Denial of Service vulnerability in RhinoSoft Serv-U SFTP Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. | 4.0 |
| 2008-08-20 | CVE-2008-3730 | Cross-Site Scripting vulnerability in Nordicwind Noah and Nordicwind Document Management System Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-08-20 | CVE-2008-3728 | Permissions, Privileges, and Access Controls vulnerability in Microworld Technologies Mailscan 5.6.A Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/. | 5.0 |
| 2008-08-20 | CVE-2008-3727 | Path Traversal vulnerability in Microworld Technologies Mailscan 5.6.A Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2008-08-20 | CVE-2008-3726 | Cross-Site Scripting vulnerability in Microworld Technologies Mailscan 5.6.A Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
| 2008-08-20 | CVE-2008-3723 | Path Traversal vulnerability in PHPizabi 0.848B Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. | 6.3 |