VYPR

CVEs

345,054 total · page 6184 of 6,902

  • CVE-2008-6619Apr 6, 2009
    risk 0.03cvss epss 0.04

    Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/.

  • CVE-2008-6618Apr 6, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.

  • CVE-2008-6617Apr 6, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.

  • CVE-2008-6616Apr 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-6615Apr 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2008-6614Apr 6, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass…

  • CVE-2009-1249Apr 6, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.

  • CVE-2009-1248Apr 6, 2009
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.

  • CVE-2009-1247Apr 6, 2009
    risk 0.04cvss epss 0.10

    SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2009-1246Apr 6, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file]…

  • CVE-2009-1245Apr 6, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname…

  • CVE-2008-6613Apr 6, 2009
    risk 0.03cvss epss 0.02

    uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.

  • CVE-2008-6612Apr 6, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.

  • CVE-2008-6611Apr 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-6610Apr 6, 2009
    risk 0.00cvss epss 0.01

    Absolute path traversal vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2.0 allows remote attackers to list arbitrary directories and read arbitrary files via a full pathname in the file parameter.

  • CVE-2008-6609Apr 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

  • CVE-2009-1147Apr 6, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain…

  • CVE-2009-1146Apr 6, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial…

  • CVE-2009-0910Apr 6, 2009
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute…

  • CVE-2009-0909Apr 6, 2009
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute…

  • CVE-2009-0908Apr 6, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.

  • CVE-2009-0518Apr 6, 2009
    risk 0.00cvss epss 0.00

    VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.

  • CVE-2008-4916Apr 6, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and…

  • CVE-2009-1243MedApr 6, 2009
    risk 0.36cvss 5.5epss 0.00

    net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp…

  • CVE-2009-1242Apr 6, 2009
    risk 0.00cvss epss 0.00

    The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended…

  • CVE-2008-6608Apr 6, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the…

  • CVE-2008-6607Apr 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.

  • CVE-2008-6606Apr 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-6605Apr 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary…

  • CVE-2008-6604Apr 4, 2009
    risk 0.04cvss epss 0.08

    Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.

  • CVE-2009-1241Apr 3, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.

  • CVE-2009-1240Apr 3, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows…

  • CVE-2009-1239Apr 3, 2009
    risk 0.00cvss epss 0.01

    IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.

  • CVE-2009-0556HigKEVApr 3, 2009
    risk 0.75cvss 8.8epss 0.68

    Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption,…

  • CVE-2008-6603Apr 3, 2009
    risk 0.00cvss epss 0.02

    MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.

  • CVE-2008-6602Apr 3, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Download Center Lite before 2.1 has unknown impact and attack vectors related to "A minor security fix."

  • CVE-2008-6601Apr 3, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors.

  • CVE-2008-6600Apr 3, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

  • CVE-2008-6599Apr 3, 2009
    risk 0.00cvss epss 0.01

    cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."

  • CVE-2008-6598Apr 3, 2009
    risk 0.00cvss epss 0.01

    Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."

  • CVE-2008-6597Apr 3, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-6596Apr 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-6595Apr 3, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-6594Apr 3, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-6593Apr 3, 2009
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.

  • CVE-2008-6592Apr 3, 2009
    risk 0.03cvss epss 0.03

    thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing…

  • CVE-2008-6591Apr 3, 2009
    risk 0.00cvss epss 0.01

    LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.

  • CVE-2008-6590Apr 3, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.

  • CVE-2008-6589Apr 3, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

  • CVE-2008-6588Apr 3, 2009
    risk 0.00cvss epss 0.02

    Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.