VYPR

CVEs

345,196 total · page 6157 of 6,904

  • CVE-2008-6865Jul 14, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.

  • CVE-2008-6864Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6863Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6862Jul 14, 2009
    risk 0.03cvss epss 0.03

    Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6861Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6860Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6859Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6858Jul 14, 2009
    risk 0.03cvss epss 0.03

    Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6857Jul 14, 2009
    risk 0.03cvss epss 0.03

    Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6856Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6855Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.

  • CVE-2008-6854Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2009-2450Jul 13, 2009
    risk 0.03cvss epss 0.01

    The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel…

  • CVE-2009-2449Jul 13, 2009
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter.

  • CVE-2009-2448Jul 13, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2009-2447Jul 13, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter.

  • CVE-2009-2446Jul 13, 2009
    risk 0.04cvss epss 0.11

    Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string…

  • CVE-2009-2445Jul 13, 2009
    risk 0.00cvss epss 0.03

    Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.

  • CVE-2009-2444Jul 13, 2009
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php.

  • CVE-2009-2443Jul 13, 2009
    risk 0.03cvss epss 0.03

    Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

  • CVE-2009-2442Jul 13, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action.

  • CVE-2009-2441Jul 13, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.

  • CVE-2009-2440Jul 13, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

  • CVE-2009-2439Jul 13, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product…

  • CVE-2009-2438Jul 13, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399.

  • CVE-2009-2437Jul 13, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action.

  • CVE-2009-2436Jul 13, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

  • CVE-2009-2435Jul 13, 2009
    risk 0.00cvss epss 0.01

    The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

  • CVE-2009-2434Jul 13, 2009
    risk 0.00cvss epss 0.00

    Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

  • CVE-2009-2433Jul 10, 2009
    risk 0.05cvss epss 0.19

    Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.

  • CVE-2009-2432Jul 10, 2009
    risk 0.00cvss epss 0.03

    WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.

  • CVE-2009-2431Jul 10, 2009
    risk 0.00cvss epss 0.03

    WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.

  • CVE-2009-2336Jul 10, 2009
    risk 0.00cvss epss 0.05

    The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the…

  • CVE-2009-2335Jul 10, 2009
    risk 0.03cvss epss 0.85

    WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,…

  • CVE-2009-2334Jul 10, 2009
    risk 0.04cvss epss 0.06

    wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify…

  • CVE-2009-2430Jul 10, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors.

  • CVE-2009-2429Jul 10, 2009
    risk 0.00cvss epss 0.00

    SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2009-2428Jul 10, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.

  • CVE-2009-2427Jul 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter.

  • CVE-2009-2426Jul 10, 2009
    risk 0.00cvss epss 0.02

    The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via…

  • CVE-2009-2425Jul 10, 2009
    risk 0.00cvss epss 0.03

    Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.

  • CVE-2009-2424Jul 10, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

  • CVE-2009-2423Jul 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in category.php in Ebay Clone 2009 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter in a list action.

  • CVE-2009-2422CriJul 10, 2009
    risk 0.64cvss 9.8epss 0.03

    The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers…

  • CVE-2009-2386Jul 10, 2009
    risk 0.03cvss epss 0.05

    Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.

  • CVE-2009-1891Jul 10, 2009
    risk 0.01cvss epss 0.17

    The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

  • CVE-2009-1725Jul 9, 2009
    risk 0.00cvss epss 0.06

    WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows…

  • CVE-2009-1724Jul 9, 2009
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top…

  • CVE-2009-0667Jul 9, 2009
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.

  • CVE-2009-2421Jul 9, 2009
    risk 0.00cvss epss 0.03

    The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an…