Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-09-04 | CVE-2008-3921 | Cross-Site Scripting vulnerability in Telartis BV Awstats Totals | Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter. | 4.3 |
2008-09-04 | CVE-2008-3917 | Cross-Site Scripting vulnerability in Ovidentia 6.6.5 | Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action. | 4.3 |
2008-09-04 | CVE-2008-3909 | Cross-Site Request Forgery (CSRF) vulnerability in Django Project Django 0.91/0.95/0.96 | The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests. | 5.8 |
2008-09-04 | CVE-2008-3907 | Improper Input Validation vulnerability in Newsbeuter | The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL. | 6.8 |
2008-09-04 | CVE-2008-3906 | Improper Input Validation vulnerability in multiple products | CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. | 4.3 |
2008-09-04 | CVE-2008-3905 | Improper Authentication vulnerability in Ruby-Lang Ruby | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | 5.8 |
2008-09-04 | CVE-2007-6716 | | fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. | 5.5 |
2008-09-04 | CVE-2008-1389 | Resource Management Errors vulnerability in Clam Anti-Virus Clamav | libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." | 5.0 |
2008-09-03 | CVE-2008-1739 | Resource Management Errors vulnerability in Apple Quicktime | Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. | 6.8 |
2008-09-03 | CVE-2008-3791 | Link Following vulnerability in Lxde Lightweight X11 Desktop Environment 0.1.9 | src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file. | 4.6 |