Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-03-02 CVE-2008-6381 SQL Injection vulnerability in Bcoos
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
network
high complexity
bcoos CWE-89
4.6
2009-03-02 CVE-2008-6375 Permissions, Privileges, and Access Controls vulnerability in Nexusjnr Jbook
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb.
network
low complexity
nexusjnr CWE-264
5.0
2009-03-02 CVE-2008-6374 Permissions, Privileges, and Access Controls vulnerability in Codefixer Mailinglistpro
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.
network
low complexity
codefixer CWE-264
5.0
2009-03-02 CVE-2008-6373 Code Injection vulnerability in Nagios
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."
network
low complexity
nagios CWE-94
5.0
2009-03-02 CVE-2008-6370 Cross-Site Scripting vulnerability in Ocean12Tech Contact Manager PRO 1.02
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.
4.3
2009-03-02 CVE-2008-6361 Path Traversal vulnerability in Insun Podcast Feedcms 1.7.319Beta
Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter.
6.8
2009-03-02 CVE-2008-6360 Cross-Site Scripting vulnerability in Impresscms 1.0.2
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter.
network
impresscms CWE-79
4.3
2009-03-02 CVE-2008-6359 Cross-Site Scripting vulnerability in PHPf1 Max's Guestbook
Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.
network
phpf1 CWE-79
4.3
2009-03-02 CVE-2008-6357 Permissions, Privileges, and Access Controls vulnerability in Donnafontenot Mycal Personal Events Calendar
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.
network
low complexity
donnafontenot CWE-264
5.0
2009-03-02 CVE-2008-6356 Permissions, Privileges, and Access Controls vulnerability in Donnafontenot Evcal Events Calendar
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
network
low complexity
donnafontenot CWE-264
5.0