VYPR

CVEs

345,217 total · page 6148 of 6,905

  • CVE-2009-2779Aug 17, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.

  • CVE-2009-2778Aug 14, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2009-2777Aug 14, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.

  • CVE-2009-2776Aug 14, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2009-2775Aug 14, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-2774Aug 14, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2009-2773Aug 14, 2009
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

  • CVE-2009-2772Aug 14, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.

  • CVE-2009-2771Aug 14, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/.

  • CVE-2009-2770Aug 14, 2009
    risk 0.03cvss epss 0.03

    PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.

  • CVE-2009-2769Aug 14, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter.

  • CVE-2009-2768HigAug 14, 2009
    risk 0.51cvss 7.8epss 0.00

    The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat…

  • CVE-2009-2767Aug 14, 2009
    risk 0.03cvss epss 0.01

    The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.

  • CVE-2009-2766Aug 14, 2009
    risk 0.03cvss epss 0.05

    httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.

  • CVE-2009-2765Aug 14, 2009
    risk 0.10cvss epss 0.82

    httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.

  • CVE-2009-2764Aug 14, 2009
    risk 0.04cvss epss 0.11

    Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script…

  • CVE-2009-2692HigAug 14, 2009
    risk 0.55cvss 7.8epss 0.15

    The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero,…

  • CVE-2009-2691Aug 14, 2009
    risk 0.00cvss epss 0.00

    The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.

  • CVE-2009-2677Aug 14, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2009-2417Aug 14, 2009
    risk 0.00cvss epss 0.04

    lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a…

  • CVE-2009-1048CriAug 14, 2009
    risk 0.64cvss 9.8epss 0.06

    The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the…

  • CVE-2008-6975Aug 14, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials…

  • CVE-2008-6974Aug 14, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative…

  • CVE-2009-2094Aug 13, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors.

  • CVE-2009-2093Aug 13, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-2092Aug 13, 2009
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.

  • CVE-2009-2091Aug 13, 2009
    risk 0.00cvss epss 0.01

    The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2009-2090Aug 13, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and…

  • CVE-2009-2089Aug 13, 2009
    risk 0.00cvss epss 0.01

    The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.

  • CVE-2009-2088Aug 13, 2009
    risk 0.00cvss epss 0.02

    The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request…

  • CVE-2009-2087Aug 13, 2009
    risk 0.00cvss epss 0.00

    The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local…

  • CVE-2009-2085Aug 13, 2009
    risk 0.00cvss epss 0.02

    The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving…

  • CVE-2009-0906Aug 13, 2009
    risk 0.00cvss epss 0.01

    The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.

  • CVE-2008-6973Aug 13, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.

  • CVE-2009-2762Aug 13, 2009
    risk 0.00cvss epss 0.20

    wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.

  • CVE-2009-2761Aug 13, 2009
    risk 0.00cvss epss 0.00

    Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory.

  • CVE-2008-6972Aug 13, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3)…

  • CVE-2008-6971Aug 13, 2009
    risk 0.04cvss epss 0.07

    The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote…

  • CVE-2008-6970Aug 13, 2009
    risk 0.04cvss epss 0.07

    SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.

  • CVE-2008-6969Aug 13, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters.

  • CVE-2008-6968Aug 13, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.

  • CVE-2008-6967Aug 13, 2009
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893.

  • CVE-2008-6966Aug 13, 2009
    risk 0.03cvss epss 0.03

    AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.

  • CVE-2008-6965Aug 13, 2009
    risk 0.03cvss epss 0.03

    AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3)…

  • CVE-2008-6964Aug 13, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.

  • CVE-2008-6963Aug 13, 2009
    risk 0.03cvss epss 0.02

    admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.

  • CVE-2008-6962Aug 13, 2009
    risk 0.00cvss epss 0.01

    Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.

  • CVE-2008-6961Aug 13, 2009
    risk 0.00cvss epss 0.02

    mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2)…

  • CVE-2009-2200Aug 12, 2009
    risk 0.00cvss epss 0.02

    WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

  • CVE-2009-2199Aug 12, 2009
    risk 0.00cvss epss 0.03

    Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified…