VYPR

CVEs

345,051 total · page 6190 of 6,902

  • CVE-2009-1036Mar 20, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.

  • CVE-2009-1035Mar 20, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).

  • CVE-2009-1034Mar 20, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.

  • CVE-2009-1033Mar 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.

  • CVE-2009-1032Mar 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter.

  • CVE-2008-6503Mar 20, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.

  • CVE-2008-6502Mar 20, 2009
    risk 0.03cvss epss 0.01

    Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to…

  • CVE-2008-6501Mar 20, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.

  • CVE-2008-6500Mar 20, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.

  • CVE-2009-1031Mar 20, 2009
    risk 0.04cvss epss 0.11

    Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.

  • CVE-2009-1030Mar 20, 2009
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

  • CVE-2009-1029Mar 20, 2009
    risk 0.06cvss epss 0.32

    Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.

  • CVE-2009-1028Mar 20, 2009
    risk 0.06cvss epss 0.33

    Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.

  • CVE-2009-1027Mar 20, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.

  • CVE-2009-1026Mar 20, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

  • CVE-2009-1025Mar 20, 2009
    risk 0.05cvss epss 0.30

    PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

  • CVE-2009-1024Mar 20, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.

  • CVE-2009-1023Mar 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.

  • CVE-2009-1022Mar 20, 2009
    risk 0.04cvss epss 0.07

    Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a…

  • CVE-2008-6499Mar 20, 2009
    risk 0.03cvss epss 0.02

    security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.

  • CVE-2008-6498Mar 20, 2009
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.

  • CVE-2008-6497Mar 20, 2009
    risk 0.04cvss epss 0.10

    The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI.

  • CVE-2008-6496Mar 20, 2009
    risk 0.03cvss epss 0.03

    Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.

  • CVE-2008-6495Mar 20, 2009
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

  • CVE-2008-6494Mar 20, 2009
    risk 0.03cvss epss 0.02

    ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.

  • CVE-2008-6493Mar 20, 2009
    risk 0.03cvss epss 0.02

    Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.

  • CVE-2008-6492Mar 20, 2009
    risk 0.03cvss epss 0.04

    Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE:…

  • CVE-2009-0971Mar 19, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2009-0970Mar 19, 2009
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the…

  • CVE-2009-0969Mar 19, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action.

  • CVE-2009-0968Mar 19, 2009
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.

  • CVE-2009-0967Mar 19, 2009
    risk 0.04cvss epss 0.07

    The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.

  • CVE-2009-0966Mar 19, 2009
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.

  • CVE-2009-0965Mar 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.

  • CVE-2009-0964HigMar 19, 2009
    risk 0.52cvss 7.5epss 0.02

    UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.

  • CVE-2009-0963Mar 19, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.

  • CVE-2009-0927HigKEVMar 19, 2009
    risk 0.80cvss 8.8epss 0.97

    Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.

  • CVE-2009-0661Mar 19, 2009
    risk 0.00cvss epss 0.03

    Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.

  • CVE-2008-6491Mar 19, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-6490Mar 19, 2009
    risk 0.03cvss epss 0.04

    function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using…

  • CVE-2008-6489Mar 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php.

  • CVE-2009-0962Mar 19, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eCommerce 1.3.0 and earlier, and CGI Professional 3.2.2 and earlier, allows remote attackers to gain administrative privileges via unknown attack vectors.

  • CVE-2009-0941Mar 18, 2009
    risk 0.00cvss epss 0.03

    The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.

  • CVE-2009-0940Mar 18, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via…

  • CVE-2009-0538Mar 18, 2009
    risk 0.00cvss epss 0.00

    Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a…

  • CVE-2008-6488Mar 18, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.

  • CVE-2008-6487Mar 18, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.

  • CVE-2008-6486Mar 18, 2009
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter.

  • CVE-2008-6485Mar 18, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter.

  • CVE-2008-6484Mar 18, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.