VYPR

CVEs

345,196 total · page 6160 of 6,904

  • CVE-2009-2313Jul 2, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.

  • CVE-2009-2312Jul 2, 2009
    risk 0.00cvss epss 0.00

    SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges.

  • CVE-2009-2311Jul 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.

  • CVE-2009-2310Jul 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.

  • CVE-2009-2309Jul 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter.

  • CVE-2009-2308Jul 2, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.

  • CVE-2009-2307Jul 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.

  • CVE-2009-2306Jul 2, 2009
    risk 0.03cvss epss 0.02

    The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.

  • CVE-2009-2305Jul 2, 2009
    risk 0.03cvss epss 0.02

    The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.

  • CVE-2009-2304Jul 2, 2009
    risk 0.00cvss epss 0.01

    index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.

  • CVE-2009-2303Jul 2, 2009
    risk 0.00cvss epss 0.01

    index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.

  • CVE-2009-2302Jul 2, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected.

  • CVE-2009-2301Jul 2, 2009
    risk 0.00cvss epss 0.01

    The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/.

  • CVE-2009-2300Jul 2, 2009
    risk 0.00cvss epss 0.03

    The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service…

  • CVE-2009-2299Jul 2, 2009
    risk 0.00cvss epss 0.04

    The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a…

  • CVE-2009-2298Jul 2, 2009
    risk 0.01cvss epss 0.06

    Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap CVE-2009-1420.

  • CVE-2009-2297Jul 2, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel…

  • CVE-2009-2296Jul 2, 2009
    risk 0.00cvss epss 0.04

    The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.

  • CVE-2009-1421Jul 2, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors.

  • CVE-2008-6847Jul 2, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

  • CVE-2008-6846Jul 2, 2009
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.

  • CVE-2008-6845Jul 2, 2009
    risk 0.00cvss epss 0.02

    The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

  • CVE-2008-6844Jul 2, 2009
    risk 0.03cvss epss 0.03

    The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30,…

  • CVE-2008-6843Jul 2, 2009
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.

  • CVE-2008-6842Jul 2, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.

  • CVE-2009-2293Jul 1, 2009
    risk 0.03cvss epss 0.02

    Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.

  • CVE-2009-2292Jul 1, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2291Jul 1, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.

  • CVE-2009-2290Jul 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.

  • CVE-2009-2289Jul 1, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action.

  • CVE-2009-2288Jul 1, 2009
    risk 0.10cvss epss 0.83

    statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.

  • CVE-2009-2287Jul 1, 2009
    risk 0.00cvss epss 0.00

    The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value,…

  • CVE-2009-2286Jul 1, 2009
    risk 0.03cvss epss 0.03

    Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.

  • CVE-2009-2285Jul 1, 2009
    risk 0.04cvss epss 0.09

    Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

  • CVE-2009-2284Jul 1, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.

  • CVE-2009-2283Jul 1, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2282Jul 1, 2009
    risk 0.00cvss epss 0.00

    The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain…

  • CVE-2009-2276Jul 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.

  • CVE-2009-2275Jul 1, 2009
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.

  • CVE-2009-2274Jul 1, 2009
    risk 0.00cvss epss 0.01

    The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.

  • CVE-2009-2273Jul 1, 2009
    risk 0.00cvss epss 0.01

    The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2009-2272HigJul 1, 2009
    risk 0.49cvss 7.5epss 0.01

    The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified…

  • CVE-2009-2271Jul 1, 2009
    risk 0.00cvss epss 0.01

    The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.

  • CVE-2009-2270Jul 1, 2009
    risk 0.00cvss epss 0.02

    Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php…

  • CVE-2009-2269Jul 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.

  • CVE-2009-2268Jul 1, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-1889Jul 1, 2009
    risk 0.00cvss epss 0.03

    The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large…

  • CVE-2009-0689Jul 1, 2009
    risk 0.05cvss epss 0.28

    Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x…

  • CVE-2008-6841Jul 1, 2009
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to…

  • CVE-2008-6840Jul 1, 2009
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php,…