VYPR

CVEs

345,196 total · page 6163 of 6,904

  • CVE-2009-2155Jun 22, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2009-2154Jun 22, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2009-2153Jun 22, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

  • CVE-2009-2152Jun 22, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.

  • CVE-2009-2151Jun 22, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.

  • CVE-2009-2150Jun 22, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication…

  • CVE-2009-2149Jun 22, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php.

  • CVE-2009-2148Jun 22, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-2147Jun 22, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-2146Jun 22, 2009
    risk 0.05cvss epss 0.21

    Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the…

  • CVE-2009-2145Jun 22, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow…

  • CVE-2009-2144Jun 22, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-2143Jun 22, 2009
    risk 0.00cvss epss 0.03

    PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.

  • CVE-2009-2142Jun 22, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.

  • CVE-2009-2141Jun 22, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field…

  • CVE-2009-2138Jun 19, 2009
    risk 0.03cvss epss 0.01

    Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be…

  • CVE-2009-2137Jun 19, 2009
    risk 0.00cvss epss 0.02

    Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value.

  • CVE-2009-2136Jun 19, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via…

  • CVE-2009-2135Jun 19, 2009
    risk 0.00cvss epss 0.00

    Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.

  • CVE-2009-2134Jun 19, 2009
    risk 0.03cvss epss 0.03

    pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.

  • CVE-2009-2133Jun 19, 2009
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php,…

  • CVE-2009-2132Jun 19, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.

  • CVE-2009-2131Jun 19, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.

  • CVE-2009-2130Jun 19, 2009
    risk 0.03cvss epss 0.02

    Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request.

  • CVE-2009-2129Jun 19, 2009
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.

  • CVE-2009-2128Jun 19, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field.

  • CVE-2009-2127Jun 19, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

  • CVE-2009-2126Jun 19, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field.

  • CVE-2009-2125Jun 19, 2009
    risk 0.00cvss epss 0.01

    delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.

  • CVE-2009-2124Jun 19, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.

  • CVE-2009-2123Jun 19, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b)…

  • CVE-2009-2122Jun 19, 2009
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-1692Jun 19, 2009
    risk 0.00cvss epss 0.04

    WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement…

  • CVE-2009-1683Jun 19, 2009
    risk 0.00cvss epss 0.03

    The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."

  • CVE-2009-1680Jun 19, 2009
    risk 0.00cvss epss 0.00

    Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.

  • CVE-2009-1679Jun 19, 2009
    risk 0.00cvss epss 0.00

    The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate…

  • CVE-2009-0961Jun 19, 2009
    risk 0.04cvss epss 0.06

    The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an…

  • CVE-2009-0960Jun 19, 2009
    risk 0.00cvss epss 0.02

    The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML…

  • CVE-2009-0959Jun 19, 2009
    risk 0.00cvss epss 0.03

    The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."

  • CVE-2009-0958Jun 19, 2009
    risk 0.00cvss epss 0.01

    Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers…

  • CVE-2009-2120Jun 18, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php, and other unspecified vectors. NOTE: vector 1 requires administrative…

  • CVE-2009-2119Jun 18, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.

  • CVE-2009-2118Jun 18, 2009
    risk 0.00cvss epss 0.03

    Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.

  • CVE-2009-2117Jun 18, 2009
    risk 0.03cvss epss 0.02

    uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.

  • CVE-2009-2116Jun 18, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter.

  • CVE-2009-2115Jun 18, 2009
    risk 0.00cvss epss 0.01

    admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message.

  • CVE-2009-2114Jun 18, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.

  • CVE-2009-2113Jun 18, 2009
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.

  • CVE-2009-2112Jun 18, 2009
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter.

  • CVE-2009-2111Jun 18, 2009
    risk 0.03cvss epss 0.04

    Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.