VYPR

CVEs

30,288 total · page 605 of 606

  • CVE-2007-4039CriJul 27, 2007
    risk 0.64cvss 9.8epss 0.02

    Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when…

  • CVE-2007-4043CriJul 27, 2007
    risk 0.64cvss 9.8epss 0.02

    file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary…

  • CVE-2007-3798CriJul 16, 2007
    risk 0.72cvss 9.8epss 0.70

    Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

  • CVE-2007-3194CriJun 12, 2007
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6)…

  • CVE-2007-2534CriMay 9, 2007
    risk 0.64cvss 9.8epss 0.01

    Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are…

  • CVE-2007-2422CriMay 2, 2007
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability…

  • CVE-2007-2020CriApr 12, 2007
    risk 0.64cvss 9.8epss 0.03

    Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion

  • CVE-2007-1966CriApr 11, 2007
    risk 0.59cvss 9.1epss 0.01

    Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

  • CVE-2007-1399CriMar 10, 2007
    risk 0.68cvss 9.8epss 0.20

    Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via…

  • CVE-2007-1383CriMar 10, 2007
    risk 0.68cvss 9.8epss 0.15

    Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.

  • CVE-2006-7105CriMar 3, 2007
    risk 0.64cvss 9.8epss 0.02

    PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably…

  • CVE-2006-7079CriMar 2, 2007
    risk 0.68cvss 9.8epss 0.13

    Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.

  • CVE-2006-6975CriFeb 8, 2007
    risk 0.64cvss 9.8epss 0.03

    PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a…

  • CVE-2007-0681CriFeb 3, 2007
    risk 0.67cvss 9.8epss 0.05

    profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.

  • CVE-2006-6863CriDec 31, 2006
    risk 0.68cvss 9.8epss 0.13

    PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value

  • CVE-2006-6024CriNov 21, 2006
    risk 0.64cvss 9.8epss 0.01

    Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these…

  • CVE-2006-5678CriNov 3, 2006
    risk 0.64cvss 9.8epss 0.02

    PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the…

  • CVE-2006-5610CriOct 31, 2006
    risk 0.64cvss 9.8epss 0.01

    PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2006-5603CriOct 30, 2006
    risk 0.67cvss 9.8epss 0.01

    SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

  • CVE-2006-5024CriSep 27, 2006
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors.

  • CVE-2006-5021CriSep 27, 2006
    risk 0.67cvss 9.8epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE:…

  • CVE-2006-4428CriAug 29, 2006
    risk 0.67cvss 9.8epss 0.04

    PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced…

  • CVE-2006-4264CriAug 21, 2006
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. …

  • CVE-2006-3136CriJun 22, 2006
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4)…

  • CVE-2006-2827CriJun 5, 2006
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in…

  • CVE-2005-3435CriNov 2, 2005
    risk 0.64cvss 9.8epss 0.02

    admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.

  • CVE-2005-3120CriOct 17, 2005
    risk 0.69cvss 9.8epss 0.23

    Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

  • CVE-2005-2773CriKEVSep 2, 2005
    risk 0.85cvss 9.8epss 0.74

    HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

  • CVE-2005-2103CriAug 16, 2005
    risk 0.68cvss 9.8epss 0.16

    Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.

  • CVE-2005-1689CriJul 18, 2005
    risk 0.65cvss 9.8epss 0.11

    Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

  • CVE-2005-1744CriMay 24, 2005
    risk 0.64cvss 9.8epss 0.02

    BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security…

  • CVE-2005-1513CriMay 11, 2005
    risk 0.65cvss 9.8epss 0.11

    Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.

  • CVE-2005-0199CriMay 2, 2005
    risk 0.68cvss 9.8epss 0.19

    Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a…

  • CVE-2005-0269CriMay 2, 2005
    risk 0.64cvss 9.8epss 0.03

    The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.

  • CVE-2005-1141CriApr 15, 2005
    risk 0.64cvss 9.8epss 0.03

    Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.

  • CVE-2005-0496CriFeb 21, 2005
    risk 0.64cvss 9.8epss 0.03

    Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.

  • CVE-2005-0408CriFeb 14, 2005
    risk 0.67cvss 9.8epss 0.05

    CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which…

  • CVE-2005-0102CriJan 24, 2005
    risk 0.64cvss 9.8epss 0.03

    Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

  • CVE-2004-2214CriDec 31, 2004
    risk 0.64cvss 9.8epss 0.03

    Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.

  • CVE-2004-2154CriDec 31, 2004
    risk 0.64cvss 9.8epss 0.02

    CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

  • CVE-2004-0285CriNov 23, 2004
    risk 0.67cvss 9.8epss 0.08

    PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.

  • CVE-2004-0847CriNov 3, 2004
    risk 0.73cvss 9.8epss 0.76

    The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

  • CVE-2004-0772CriOct 20, 2004
    risk 0.64cvss 9.8epss 0.07

    Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

  • CVE-2004-1363CriAug 4, 2004
    risk 0.64cvss 9.8epss 0.09

    Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

  • CVE-2004-2061CriJul 27, 2004
    risk 0.67cvss 9.8epss 0.06

    RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

  • CVE-2004-0434CriJul 7, 2004
    risk 0.64cvss 9.8epss 0.07

    k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.

  • CVE-2004-0005CriMar 3, 2004
    risk 0.65cvss 9.8epss 0.11

    Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer…

  • CVE-2004-0030CriJan 20, 2004
    risk 0.67cvss 9.8epss 0.07

    PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server…

  • CVE-2003-1233CriDec 31, 2003
    risk 0.64cvss 9.8epss 0.02

    Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or…

  • CVE-2003-0545CriNov 17, 2003
    risk 0.71cvss 9.8epss 0.85

    Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.