Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2011-09-12 | CVE-2009-5095 | Code Injection vulnerability in Ea-Style Gbook 0.1/0.1.4 | PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter. | network | | ea-style | CWE-94 | 6.8 |
| 2011-09-12 | CVE-2009-5093 | Path Traversal vulnerability in PHP4Scripte Gastebuch 1.6 | Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. | network | low complexity | php4scripte | CWE-22 | 5.0 |
| 2011-09-12 | CVE-2009-5092 | Cross-Site Scripting vulnerability in Microsoft Fast ESP 5.0.9 | Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network | | microsoft | CWE-79 | 4.3 |
| 2011-09-12 | CVE-2009-5090 | SQL Injection vulnerability in Daman371 Bloggeruniverse | SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors. | network | | daman371 | CWE-89 | 6.8 |
| 2011-09-12 | CVE-2009-5089 | Path Traversal vulnerability in Ideacart 0.02/0.02A | Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. | network | | ideacart | CWE-22 | 4.3 |
| 2011-09-12 | CVE-2009-5087 | Path Traversal vulnerability in Geovision Digital Surveillance System 8.2 | Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. | network | low complexity | geovision | CWE-22 | 5.0 |
| 2011-09-08 | CVE-2011-3391 | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Build Forge 7.1.2 | IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu. | network | low complexity | ibm | CWE-264 | 4.0 |
| 2011-09-08 | CVE-2011-3384 | Cross-Site Scripting vulnerability in Sage-Mozdev Sage 1.3.8 | Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102. | | | | | 4.3 |
| 2011-09-08 | CVE-2011-3343 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd | Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file. | local | low complexity | openttd | CWE-119 | 4.6 |
| 2011-09-06 | CVE-2011-3388 | Information Exposure vulnerability in Opera Browser | Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site. | network | | opera | CWE-200 | 4.3 |