VYPR

CVEs

345,046 total · page 6194 of 6,901

  • CVE-2008-6427Mar 6, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-6425Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456.

  • CVE-2008-6424Mar 6, 2009
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot).

  • CVE-2008-6423Mar 6, 2009
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter.

  • CVE-2008-6422Mar 6, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.

  • CVE-2008-6421Mar 6, 2009
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

  • CVE-2008-6420Mar 6, 2009
    risk 0.03cvss epss 0.04

    Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php.

  • CVE-2008-6419Mar 6, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to…

  • CVE-2008-6418Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.

  • CVE-2008-6417Mar 6, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors.

  • CVE-2008-6416Mar 6, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages."

  • CVE-2009-0835Mar 6, 2009
    risk 0.03cvss epss 0.01

    The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a…

  • CVE-2009-0834Mar 6, 2009
    risk 0.00cvss epss 0.00

    The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit…

  • CVE-2008-6415Mar 6, 2009
    risk 0.00cvss epss 0.05

    Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname.

  • CVE-2008-6414Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

  • CVE-2008-6413Mar 6, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.

  • CVE-2008-6412Mar 6, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors.

  • CVE-2008-6411Mar 6, 2009
    risk 0.03cvss epss 0.03

    Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.

  • CVE-2008-6410Mar 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.

  • CVE-2008-6409Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.

  • CVE-2008-6408Mar 6, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter.

  • CVE-2008-6407Mar 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.

  • CVE-2008-6406Mar 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2008-6405Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-6404Mar 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

  • CVE-2008-6403Mar 6, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter.

  • CVE-2008-6402Mar 6, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter.

  • CVE-2008-6401Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter.

  • CVE-2009-0770Mar 6, 2009
    risk 0.00cvss epss 0.03

    dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an assertion error.

  • CVE-2009-0769Mar 6, 2009
    risk 0.03cvss epss 0.02

    QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an {\rtf\pict\&&} message. NOTE: the vulnerability may be in Sergey Tkachenko TRichView. If so,…

  • CVE-2009-0768Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action.

  • CVE-2009-0767Mar 6, 2009
    risk 0.03cvss epss 0.02

    Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.

  • CVE-2009-0766Mar 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2009-0765Mar 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.

  • CVE-2009-0764Mar 6, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2009-0763Mar 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.

  • CVE-2009-0762Mar 6, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2009-0761Mar 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter.

  • CVE-2009-0760Mar 6, 2009
    risk 0.03cvss epss 0.02

    Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.

  • CVE-2009-0833Mar 5, 2009
    risk 0.04cvss epss 0.09

    Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information.

  • CVE-2009-0832Mar 5, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter.

  • CVE-2009-0831Mar 5, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.

  • CVE-2009-0830Mar 5, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2009-0829Mar 5, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of…

  • CVE-2009-0828Mar 5, 2009
    risk 0.03cvss epss 0.03

    QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.

  • CVE-2009-0827Mar 5, 2009
    risk 0.03cvss epss 0.03

    PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.

  • CVE-2009-0826Mar 5, 2009
    risk 0.03cvss epss 0.03

    BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.

  • CVE-2008-6400Mar 5, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information.

  • CVE-2008-6399Mar 5, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.

  • CVE-2009-0821Mar 5, 2009
    risk 0.03cvss epss 0.05

    Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.