Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-03-04 | CVE-2008-6398 | Link Following vulnerability in Eric Raymond SNG 1.0.2 | sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. | 6.9 |
2009-03-04 | CVE-2008-6397 | Link Following vulnerability in Alcovebook Sgml2X 1.0.0 | rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.4 |
2009-03-04 | CVE-2008-6396 | Cross-Site Scripting vulnerability in Celerondude Uploader 6.1 | Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2009-03-04 | CVE-2009-0804 | Permissions, Privileges, and Access Controls vulnerability in Ziproxy 2.6.0 | Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0803 | Permissions, Privileges, and Access Controls vulnerability in Smoothwall Networkguardian, Schoolguardian and Smoothguardian | SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0802 | Permissions, Privileges, and Access Controls vulnerability in Qbik Wingate | Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0801 | Permissions, Privileges, and Access Controls vulnerability in Squid Web Proxy Cache | Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0780 | Remote Denial of Service vulnerability in OpenBSD bgpd | The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path. | 5.0 |
2009-03-03 | CVE-2009-0759 | Code Injection vulnerability in ZNC | Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors. | 6.5 |
2009-03-03 | CVE-2009-0756 | Denial of Service vulnerability in Poppler | The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. | 5.0 |