VYPR

CVEs

345,196 total · page 6161 of 6,904

  • CVE-2009-2263Jun 30, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by…

  • CVE-2009-2262Jun 30, 2009
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify deleting the install/ folder.

  • CVE-2009-2261Jun 30, 2009
    risk 0.06cvss epss 0.41

    PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.

  • CVE-2009-2260Jun 30, 2009
    risk 0.00cvss epss 0.02

    stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2009-2258Jun 30, 2009
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.

  • CVE-2009-2257Jun 30, 2009
    risk 0.04cvss epss 0.07

    The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and…

  • CVE-2009-2256Jun 30, 2009
    risk 0.04cvss epss 0.07

    The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.

  • CVE-2009-2255Jun 30, 2009
    risk 0.05cvss epss 0.31

    Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of…

  • CVE-2009-2254Jun 30, 2009
    risk 0.04cvss epss 0.11

    Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of…

  • CVE-2009-2243Jun 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2009-2242Jun 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.

  • CVE-2009-2241Jun 27, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

  • CVE-2009-2240Jun 27, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2239Jun 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to…

  • CVE-2009-2238Jun 27, 2009
    risk 0.03cvss epss 0.04

    Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct…

  • CVE-2009-2237Jun 27, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered…

  • CVE-2009-2236Jun 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2009-2235Jun 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-2234Jun 27, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW).

  • CVE-2008-6839Jun 27, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. …

  • CVE-2008-6838Jun 27, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-6837Jun 27, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-6836Jun 27, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.

  • CVE-2008-6835Jun 27, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2233Jun 26, 2009
    risk 0.03cvss epss 0.03

    The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.

  • CVE-2009-2232Jun 26, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2009-2231Jun 26, 2009
    risk 0.03cvss epss 0.03

    MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.

  • CVE-2009-2230Jun 26, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.

  • CVE-2009-2229Jun 26, 2009
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from…

  • CVE-2009-2228Jun 26, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.

  • CVE-2009-2227Jun 26, 2009
    risk 0.08cvss epss 0.69

    Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.

  • CVE-2009-1887Jun 26, 2009
    risk 0.00cvss epss 0.02

    agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an…

  • CVE-2009-1628Jun 26, 2009
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.

  • CVE-2009-1394Jun 26, 2009
    risk 0.06cvss epss 0.33

    Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.

  • CVE-2009-2226Jun 26, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2225Jun 26, 2009
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2009-2224Jun 26, 2009
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter.

  • CVE-2009-2223Jun 26, 2009
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.

  • CVE-2009-2222Jun 26, 2009
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail.

  • CVE-2009-2221Jun 26, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2220Jun 26, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1)…

  • CVE-2009-2219Jun 25, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d)…

  • CVE-2009-2218Jun 25, 2009
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php;…

  • CVE-2009-2217Jun 25, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag.

  • CVE-2009-2216MedJun 25, 2009
    risk 0.43cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.

  • CVE-2009-2215Jun 25, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.

  • CVE-2009-2214Jun 25, 2009
    risk 0.00cvss epss 0.02

    The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request.

  • CVE-2009-2213MedJun 25, 2009
    risk 0.42cvss 6.5epss 0.02

    The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass…

  • CVE-2009-2212Jun 25, 2009
    risk 0.00cvss epss 0.01

    The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.

  • CVE-2009-2211Jun 25, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.