Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-26 | CVE-2008-3783 | SQL Injection vulnerability in Matterdaddy Market 1.1 Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters. | 6.8 |
| 2008-08-26 | CVE-2008-3781 | Cross-Site Scripting vulnerability in Gmod Gbrowse Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-08-26 | CVE-2008-3779 | Cross-Site Scripting vulnerability in Review-Script Five Star Review Script Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action. | 4.3 |
| 2008-08-25 | CVE-2008-3776 | Path Traversal vulnerability in Fujitsu web Based Admin View 2.1.2 Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2008-08-22 | CVE-2008-3775 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Newsoftwares Folder Lock Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value. | 4.4 |
| 2008-08-22 | CVE-2008-3773 | Cross-Site Scripting vulnerability in Vbulletin 3.6.10/3.7.2 Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). | 4.3 |
| 2008-08-22 | CVE-2008-3771 | Cross-Site Scripting vulnerability in Pars4U Videosharing 1 Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter. | 4.3 |
| 2008-08-22 | CVE-2008-3770 | Path Traversal vulnerability in Openfreeway Freeway 1.4.1.171 Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2008-08-22 | CVE-2008-3769 | Code Injection vulnerability in Openfreeway Freeway 1.4.1.171 PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter. | 6.8 |
| 2008-08-22 | CVE-2008-3766 | Improper Input Validation vulnerability in Realtime Internet Band Rehearsal LOW Latency Internet Connection Tool 0.9.4/0.9.9/2.0.0 Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages. | 5.0 |