Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2008-08-20 | CVE-2008-3718 | SQL Injection vulnerability in Cyberbb 0.6 | Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php. | network; low complexity; cyberbb CWE-89; 6.5 |
| 2008-08-19 | CVE-2008-3717 | Permissions, Privileges, and Access Controls vulnerability in Harmoni | Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information. | network; low complexity; harmoni CWE-264; 5.0 |
| 2008-08-19 | CVE-2008-3716 | Cross-Site Request Forgery (CSRF) vulnerability in Harmoni | Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | network; harmoni CWE-352; 6.0 |
| 2008-08-19 | CVE-2008-3714 | Cross-Site Scripting vulnerability in Awstats 6.8 | Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945. | network; awstats CWE-79; 4.3 |
| 2008-08-19 | CVE-2008-3710 | Path Traversal vulnerability in Hotscripts Cyboards PHP Lite 1.21 | Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) process_edit_board.php in adminopts/. | network; high complexity; hotscripts CWE-22; 5.1 |
| 2008-08-19 | CVE-2008-3709 | Cross-Site Scripting vulnerability in Hotscripts Cyboards PHP Lite 1.21 | Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php. | network; hotscripts CWE-79; 4.3 |
| 2008-08-19 | CVE-2008-3708 | Path Traversal vulnerability in Dotcms 1.6.0.9 | Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. | network; dotcms CWE-22; 4.3 |
| 2008-08-15 | CVE-2008-3701 | SQL Injection vulnerability in Kayako Supportsuite | SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action. | network; low complexity; kayako CWE-89; 6.5 |
| 2008-08-15 | CVE-2008-3700 | Cross-Site Scripting vulnerability in Kayako Supportsuite | Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation. | network; kayako CWE-79; 4.3 |
| 2008-08-15 | CVE-2008-3660 | Improper Input Validation vulnerability in PHP | PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. | network; low complexity; php CWE-20; 5.0 |