VYPR

CVEs

345,233 total · page 6144 of 6,905

  • CVE-2008-7089Aug 26, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.

  • CVE-2008-7088Aug 26, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a…

  • CVE-2008-7087Aug 26, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.

  • CVE-2008-7086Aug 26, 2009
    risk 0.04cvss epss 0.07

    Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.

  • CVE-2008-7085Aug 26, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the…

  • CVE-2008-7084Aug 26, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2009-2966Aug 25, 2009
    risk 0.04cvss epss 0.06

    avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.

  • CVE-2009-2965Aug 25, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.

  • CVE-2009-2964Aug 25, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1)…

  • CVE-2009-2963Aug 25, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website."

  • CVE-2009-2961Aug 25, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.

  • CVE-2009-2960Aug 25, 2009
    risk 0.03cvss epss 0.02

    CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.

  • CVE-2009-2959Aug 25, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-7083Aug 25, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

  • CVE-2008-7082Aug 25, 2009
    risk 0.00cvss epss 0.01

    MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection…

  • CVE-2008-7081Aug 25, 2009
    risk 0.00cvss epss 0.02

    userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2008-7080Aug 25, 2009
    risk 0.04cvss epss 0.08

    Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.

  • CVE-2008-7079Aug 25, 2009
    risk 0.03cvss epss 0.06

    Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.

  • CVE-2008-7078Aug 25, 2009
    risk 0.04cvss epss 0.07

    Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD,…

  • CVE-2008-7077Aug 25, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

  • CVE-2008-7076Aug 25, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request…

  • CVE-2008-7075Aug 25, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4)…

  • CVE-2008-7074Aug 25, 2009
    risk 0.03cvss epss 0.05

    Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when…

  • CVE-2008-7073Aug 25, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.

  • CVE-2008-7072Aug 25, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.

  • CVE-2008-7071Aug 25, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information.

  • CVE-2008-7070Aug 25, 2009
    risk 0.03cvss epss 0.05

    Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an…

  • CVE-2008-7069Aug 25, 2009
    risk 0.03cvss epss 0.03

    All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.

  • CVE-2008-7068Aug 25, 2009
    risk 0.00cvss epss 0.02

    The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database…

  • CVE-2008-7067Aug 25, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.

  • CVE-2008-7066Aug 25, 2009
    risk 0.03cvss epss 0.03

    OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.

  • CVE-2008-7065Aug 25, 2009
    risk 0.03cvss epss 0.04

    Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.

  • CVE-2008-7064Aug 25, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang…

  • CVE-2008-7063Aug 25, 2009
    risk 0.03cvss epss 0.02

    Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.

  • CVE-2008-7062Aug 25, 2009
    risk 0.04cvss epss 0.07

    Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.

  • CVE-2008-7061Aug 24, 2009
    risk 0.03cvss epss 0.04

    The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly…

  • CVE-2008-7060Aug 24, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to…

  • CVE-2008-7059Aug 24, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.

  • CVE-2008-7058Aug 24, 2009
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.

  • CVE-2008-7057Aug 24, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.

  • CVE-2008-7056Aug 24, 2009
    risk 0.03cvss epss 0.02

    BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.

  • CVE-2008-7055Aug 24, 2009
    risk 0.03cvss epss 0.02

    module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace…

  • CVE-2008-7054Aug 24, 2009
    risk 0.04cvss epss 0.07

    Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home…

  • CVE-2008-7053Aug 24, 2009
    risk 0.04cvss epss 0.07

    LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption.

  • CVE-2009-2956Aug 24, 2009
    risk 0.00cvss epss 0.01

    The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for…

  • CVE-2009-2955Aug 24, 2009
    risk 0.00cvss epss 0.01

    Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

  • CVE-2009-2954Aug 24, 2009
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

  • CVE-2009-2953Aug 24, 2009
    risk 0.03cvss epss 0.05

    Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

  • CVE-2009-2952Aug 24, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.

  • CVE-2009-2951Aug 24, 2009
    risk 0.00cvss epss 0.01

    Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.