VYPR

CVEs

345,196 total · page 6158 of 6,904

  • CVE-2009-2420Jul 9, 2009
    risk 0.00cvss epss 0.01

    Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue…

  • CVE-2009-2419Jul 9, 2009
    risk 0.04cvss epss 0.09

    Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a…

  • CVE-2009-2403Jul 9, 2009
    risk 0.04cvss epss 0.07

    Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.

  • CVE-2009-2402Jul 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.

  • CVE-2009-2401Jul 9, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.

  • CVE-2009-2400Jul 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

  • CVE-2009-2399Jul 9, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.

  • CVE-2009-2398Jul 9, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter.

  • CVE-2009-2397Jul 9, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.

  • CVE-2009-2396Jul 9, 2009
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.

  • CVE-2009-2395Jul 9, 2009
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.

  • CVE-2009-2394Jul 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

  • CVE-2009-2393Jul 9, 2009
    risk 0.03cvss epss 0.02

    admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors.

  • CVE-2009-2392Jul 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.

  • CVE-2009-2391Jul 9, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter.

  • CVE-2009-2390Jul 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.

  • CVE-2009-2389Jul 9, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.

  • CVE-2009-2388Jul 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2009-2387Jul 9, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function.

  • CVE-2009-2385Jul 8, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of…

  • CVE-2009-2384Jul 8, 2009
    risk 0.03cvss epss 0.06

    Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.

  • CVE-2009-2383Jul 8, 2009
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.

  • CVE-2009-2382CriJul 8, 2009
    risk 0.67cvss 9.8epss 0.06

    admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

  • CVE-2009-2381Jul 8, 2009
    risk 0.00cvss epss 0.01

    Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, which allows remote servers to obtain the credentials of arbitrary users via a spoofed certificate.

  • CVE-2009-2380Jul 8, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.

  • CVE-2009-2379Jul 8, 2009
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.

  • CVE-2009-2378Jul 8, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the BASE_DIR[jax_formmailer] parameter.

  • CVE-2009-2377Jul 8, 2009
    risk 0.03cvss epss 0.02

    Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service (application crash) via a long PrinterName property.

  • CVE-2009-2376Jul 8, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module.

  • CVE-2009-2375Jul 8, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of these details are obtained from third party information.

  • CVE-2009-2374Jul 8, 2009
    risk 0.00cvss epss 0.01

    Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from…

  • CVE-2009-2373Jul 8, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2372Jul 8, 2009
    risk 0.00cvss epss 0.02

    Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via…

  • CVE-2009-2371Jul 8, 2009
    risk 0.00cvss epss 0.01

    Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script,…

  • CVE-2009-2370Jul 8, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2369Jul 8, 2009
    risk 0.00cvss epss 0.03

    Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of…

  • CVE-2009-2368Jul 8, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors.

  • CVE-2009-2367CriJul 8, 2009
    risk 0.69cvss 9.8epss 0.23

    cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

  • CVE-2009-2366Jul 8, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from…

  • CVE-2009-2365Jul 8, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2009-2364Jul 8, 2009
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry.

  • CVE-2009-2363Jul 8, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument.

  • CVE-2009-2362Jul 8, 2009
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file.

  • CVE-2009-2361Jul 8, 2009
    risk 0.03cvss epss 0.05

    SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.

  • CVE-2009-2360Jul 8, 2009
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.

  • CVE-2009-2359Jul 7, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a…

  • CVE-2009-2358Jul 7, 2009
    risk 0.00cvss epss 0.00

    TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file.

  • CVE-2009-2357Jul 7, 2009
    risk 0.00cvss epss 0.02

    The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.

  • CVE-2009-2356Jul 7, 2009
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.

  • CVE-2009-2355Jul 7, 2009
    risk 0.00cvss epss 0.01

    The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function.