VYPR

CVEs

345,040 total · page 6202 of 6,901

  • CVE-2008-6189Feb 19, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.

  • CVE-2008-6188Feb 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.

  • CVE-2008-6187Feb 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.

  • CVE-2008-6186Feb 19, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands.

  • CVE-2008-6185Feb 19, 2009
    risk 0.03cvss epss 0.03

    NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command.

  • CVE-2008-6184Feb 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.

  • CVE-2008-6183Feb 19, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.

  • CVE-2008-6182Feb 19, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.

  • CVE-2008-6181Feb 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.

  • CVE-2008-6180Feb 19, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.

  • CVE-2008-6179Feb 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.

  • CVE-2009-0648Feb 19, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the manage_users handler in admin/index.php in Falt4 CMS (aka Falt4 Extreme) RC4 allow remote attackers to hijack the authentication of administrators for requests that change passwords via the (1) edit and (2)…

  • CVE-2009-0647Feb 19, 2009
    risk 0.01cvss epss 0.17

    msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the…

  • CVE-2008-6178Feb 19, 2009
    risk 0.04cvss epss 0.08

    Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a…

  • CVE-2008-6177Feb 19, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php,…

  • CVE-2008-6175Feb 19, 2009
    risk 0.03cvss epss 0.06

    SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command.

  • CVE-2008-6174Feb 19, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter.

  • CVE-2008-6173Feb 19, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

  • CVE-2008-6172Feb 19, 2009
    risk 0.04cvss epss 0.12

    Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img…

  • CVE-2008-4392Feb 19, 2009
    risk 0.00cvss epss 0.02

    dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority…

  • CVE-2008-6171Feb 19, 2009
    risk 0.00cvss epss 0.04

    includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

  • CVE-2008-6170Feb 19, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

  • CVE-2008-6169Feb 19, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as…

  • CVE-2008-6168Feb 19, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.

  • CVE-2008-6167Feb 19, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter.

  • CVE-2008-6166Feb 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.

  • CVE-2008-6165Feb 19, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters.

  • CVE-2009-0646Feb 18, 2009
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to…

  • CVE-2009-0645Feb 18, 2009
    risk 0.04cvss epss 0.06

    Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.

  • CVE-2005-4878Feb 18, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow…

  • CVE-2009-0644Feb 18, 2009
    risk 0.00cvss epss 0.01

    The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access.

  • CVE-2009-0639Feb 18, 2009
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.

  • CVE-2009-0310Feb 18, 2009
    risk 0.00cvss epss 0.00

    Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."

  • CVE-2008-6161Feb 18, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-6160Feb 18, 2009
    risk 0.00cvss epss 0.02

    Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors.

  • CVE-2008-6159Feb 18, 2009
    risk 0.00cvss epss 0.01

    Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function.

  • CVE-2009-0613Feb 17, 2009
    risk 0.00cvss epss 0.01

    Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.

  • CVE-2009-0612Feb 17, 2009
    risk 0.00cvss epss 0.02

    Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain…

  • CVE-2009-0611Feb 17, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a…

  • CVE-2009-0610Feb 17, 2009
    risk 0.03cvss epss 0.05

    Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance…

  • CVE-2009-0609Feb 17, 2009
    risk 0.00cvss epss 0.03

    Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of…

  • CVE-2009-0608Feb 17, 2009
    risk 0.00cvss epss 0.00

    Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.

  • CVE-2009-0607Feb 17, 2009
    risk 0.00cvss epss 0.00

    Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.

  • CVE-2009-0606Feb 17, 2009
    risk 0.00cvss epss 0.00

    The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by…

  • CVE-2009-0605Feb 17, 2009
    risk 0.00cvss epss 0.00

    Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine…

  • CVE-2009-0504Feb 17, 2009
    risk 0.00cvss epss 0.00

    WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

  • CVE-2009-0363Feb 17, 2009
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and…

  • CVE-2009-0359Feb 17, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.

  • CVE-2008-6158Feb 17, 2009
    risk 0.03cvss epss 0.03

    Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors.

  • CVE-2008-6157HigFeb 17, 2009
    risk 0.52cvss 7.5epss 0.03

    SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.