Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-03 | CVE-2009-0755 | Denial of Service vulnerability in Poppler The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. | 5.0 |
| 2009-03-03 | CVE-2009-0753 | Path Traversal vulnerability in Mldonkey Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename. | 5.0 |
| 2009-03-02 | CVE-2009-0751 | Resource Management Errors vulnerability in Yaws Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers. | 5.0 |
| 2009-03-02 | CVE-2008-6388 | Permissions, Privileges, and Access Controls vulnerability in 4U2Ges Rapid Classified 3.1/3.15 Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | 5.0 |
| 2009-03-02 | CVE-2008-6387 | Information Exposure vulnerability in Activewebsoftwares Quick Tree View .Net 3.1 Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. | 5.0 |
| 2009-03-02 | CVE-2008-6386 | Cross-Site Scripting vulnerability in 1Scripts Z1Exchange 1.0 Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2009-03-02 | CVE-2008-6385 | Cross-Site Scripting vulnerability in W3Matter Revsense 1.0 Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | 4.3 |
| 2009-03-02 | CVE-2008-6384 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Comment Mail 5.X0.1/5.X1.0/5.X1.X Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | 6.8 |
| 2009-03-02 | CVE-2008-6383 | SQL Injection vulnerability in Drupal Storm SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
| 2009-03-02 | CVE-2008-6382 | Permissions, Privileges, and Access Controls vulnerability in Aspportal 3.2.5 ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | 5.0 |