Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-08-27 CVE-2008-3842 Cross-Site Scripting vulnerability in Microsoft .NET Framework 1.0/1.1/2.0
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
network
microsoft CWE-79
4.3
2008-08-27 CVE-2008-3841 Cross-Site Scripting vulnerability in Openfreeway Freeway 1.4.1.171
Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.
4.3
2008-08-27 CVE-2008-3840 Credentials Management vulnerability in Craftysyntax Crafty Syntax Live Help
Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
network
low complexity
craftysyntax CWE-255
5.0
2008-08-27 CVE-2008-3839 Local Denial of Service vulnerability in Sun OpenSolaris and Solaris
Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors.
local
sun
4.7
2008-08-27 CVE-2008-3790 Improper Input Validation vulnerability in Ruby-Lang Ruby 1.8.6/1.8.7/1.9
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
network
low complexity
ruby-lang CWE-20
5.0
2008-08-27 CVE-2008-3739 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.
4.3
2008-08-27 CVE-2008-3738 Improper Authentication vulnerability in SpaceTag LacoodaST
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
network
spacetag CWE-287
6.8
2008-08-27 CVE-2008-3736 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.
6.0
2008-08-27 CVE-2008-3281 XML Entity Expansion vulnerability in multiple products
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
6.5
2008-08-27 CVE-2008-2327 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in LibTIFF
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
network
libtiff CWE-119
6.8