Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-08-20 | CVE-2008-3718 | SQL Injection vulnerability in Cyberbb 0.6: Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php. | 6.5 |
2008-08-19 | CVE-2008-3717 | Permissions, Privileges, and Access Controls vulnerability in Harmoni: Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information. | 5.0 |
2008-08-19 | CVE-2008-3716 | Cross-Site Request Forgery (CSRF) vulnerability in Harmoni: Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | 6.0 |
2008-08-19 | CVE-2008-3714 | Cross-Site Scripting vulnerability in Awstats 6.8: Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945. | 4.3 |
2008-08-19 | CVE-2008-3710 | Path Traversal vulnerability in Hotscripts Cyboards PHP Lite 1.21: Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) process_edit_board.php in adminopts/. | 5.1 |
2008-08-19 | CVE-2008-3709 | Cross-Site Scripting vulnerability in Hotscripts Cyboards PHP Lite 1.21: Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php. | 4.3 |
2008-08-19 | CVE-2008-3708 | Path Traversal vulnerability in Dotcms 1.6.0.9: Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. | 4.3 |
2008-08-15 | CVE-2008-3701 | SQL Injection vulnerability in Kayako Supportsuite: SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action. | 6.5 |
2008-08-15 | CVE-2008-3700 | Cross-Site Scripting vulnerability in Kayako Supportsuite: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation. | 4.3 |
2008-08-15 | CVE-2008-3660 | Improper Input Validation vulnerability in PHP: PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. | 5.0 |