VYPR

CVEs

345,196 total · page 6159 of 6,904

  • CVE-2009-2354Jul 7, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2009-2353Jul 7, 2009
    risk 0.00cvss epss 0.02

    encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files.

  • CVE-2009-2352Jul 7, 2009
    risk 0.03cvss epss 0.02

    Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh…

  • CVE-2009-2351Jul 7, 2009
    risk 0.00cvss epss 0.02

    Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a…

  • CVE-2009-2350Jul 7, 2009
    risk 0.04cvss epss 0.14

    Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the…

  • CVE-2008-0020Jul 7, 2009
    risk 0.02cvss epss 0.31

    Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1,…

  • CVE-2008-0015HigKEVJul 7, 2009
    risk 0.78cvss 8.8epss 0.77

    Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,…

  • CVE-2009-2345Jul 7, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.

  • CVE-2009-2344Jul 7, 2009
    risk 0.04cvss epss 0.09

    The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.

  • CVE-2009-2343Jul 7, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

  • CVE-2009-2342Jul 7, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field.

  • CVE-2009-2341Jul 7, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

  • CVE-2009-2340Jul 7, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2009-2339Jul 7, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.

  • CVE-2009-2338Jul 7, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter.

  • CVE-2009-2337Jul 7, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.

  • CVE-2008-6853Jul 7, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter.

  • CVE-2008-6852Jul 7, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2008-6851Jul 7, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter.

  • CVE-2008-6850Jul 7, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-6849Jul 7, 2009
    risk 0.03cvss epss 0.02

    Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php.

  • CVE-2008-6848Jul 7, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.

  • CVE-2009-2333Jul 5, 2009
    risk 0.03cvss epss 0.06

    Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3)…

  • CVE-2009-2332Jul 5, 2009
    risk 0.03cvss epss 0.02

    CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.

  • CVE-2009-2331Jul 5, 2009
    risk 0.03cvss epss 0.02

    Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.

  • CVE-2009-2330Jul 5, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.

  • CVE-2009-2329Jul 5, 2009
    risk 0.03cvss epss 0.02

    KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) voting_diagram.php, (3) voting.php, (4) topics_search.php, (5) topics_list.php, (6) top_part.php, (7) quick_search.php, (8) quick_reply.php,…

  • CVE-2009-2328Jul 5, 2009
    risk 0.03cvss epss 0.01

    admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.

  • CVE-2009-2327Jul 5, 2009
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.

  • CVE-2009-2326Jul 5, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a…

  • CVE-2009-2325Jul 5, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.

  • CVE-2009-2324Jul 5, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.

  • CVE-2009-2323Jul 5, 2009
    risk 0.00cvss epss 0.01

    The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the…

  • CVE-2009-2322Jul 5, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2321Jul 5, 2009
    risk 0.00cvss epss 0.02

    cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string.

  • CVE-2009-2320Jul 5, 2009
    risk 0.00cvss epss 0.01

    The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript.

  • CVE-2009-2319Jul 5, 2009
    risk 0.00cvss epss 0.01

    The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2009-2318Jul 5, 2009
    risk 0.00cvss epss 0.01

    The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116.

  • CVE-2009-2317Jul 5, 2009
    risk 0.00cvss epss 0.02

    The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.

  • CVE-2009-2316Jul 5, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later…

  • CVE-2009-2314Jul 5, 2009
    risk 0.00cvss epss 0.00

    Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.

  • CVE-2009-2295Jul 5, 2009
    risk 0.00cvss epss 0.03

    Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24…

  • CVE-2009-2294Jul 5, 2009
    risk 0.00cvss epss 0.03

    Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values.

  • CVE-2009-2265Jul 5, 2009
    risk 0.10cvss epss 0.84

    Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution…

  • CVE-2009-1890Jul 5, 2009
    risk 0.01cvss epss 0.16

    The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to…

  • CVE-2009-1648Jul 5, 2009
    risk 0.00cvss epss 0.02

    The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.

  • CVE-2009-1388MedJul 5, 2009
    risk 0.36cvss 5.5epss 0.00

    The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping…

  • CVE-2009-0904Jul 5, 2009
    risk 0.00cvss epss 0.02

    The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing…

  • CVE-2007-6728Jul 5, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration.

  • CVE-2007-6727Jul 5, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows remote attackers to execute arbitrary SQL commands via the forum parameter.