VYPR

CVEs

345,040 total · page 6203 of 6,901

  • CVE-2008-4285Feb 17, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of…

  • CVE-2009-0604Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.

  • CVE-2009-0603Feb 16, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some…

  • CVE-2009-0602Feb 16, 2009
    risk 0.03cvss epss 0.05

    Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.

  • CVE-2009-0601Feb 16, 2009
    risk 0.00cvss epss 0.00

    Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.

  • CVE-2009-0600Feb 16, 2009
    risk 0.00cvss epss 0.02

    Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.

  • CVE-2009-0599Feb 16, 2009
    risk 0.00cvss epss 0.03

    Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.

  • CVE-2008-6156Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.

  • CVE-2008-6155Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-6154Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.

  • CVE-2009-0598Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-0597Feb 16, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.

  • CVE-2009-0596Feb 16, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.

  • CVE-2009-0595Feb 16, 2009
    risk 0.04cvss epss 0.17

    PHP remote file inclusion vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.

  • CVE-2009-0594Feb 16, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

  • CVE-2009-0593Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.

  • CVE-2009-0592Feb 16, 2009
    risk 0.05cvss epss 0.22

    Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4)…

  • CVE-2008-6153Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.

  • CVE-2008-6152Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file.

  • CVE-2008-6151Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2008-6150Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2008-6149Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php.

  • CVE-2008-6148Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.

  • CVE-2008-6147Feb 16, 2009
    risk 0.03cvss epss 0.02

    ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb.

  • CVE-2008-6146Feb 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.

  • CVE-2008-6145Feb 16, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-6144Feb 16, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.

  • CVE-2008-6143Feb 16, 2009
    risk 0.03cvss epss 0.06

    OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.

  • CVE-2008-6142Feb 16, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka…

  • CVE-2008-6141Feb 14, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data.

  • CVE-2008-6140Feb 14, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

  • CVE-2008-6139Feb 14, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.

  • CVE-2008-6138Feb 14, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.

  • CVE-2008-6137Feb 14, 2009
    risk 0.00cvss epss 0.01

    EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors.

  • CVE-2008-6136Feb 14, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors.

  • CVE-2008-6135Feb 14, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-6134Feb 14, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-6133Feb 13, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942.

  • CVE-2008-6132Feb 13, 2009
    risk 0.05cvss epss 0.26

    Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.

  • CVE-2008-6131Feb 13, 2009
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2008-6130Feb 13, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.

  • CVE-2008-6129Feb 13, 2009
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

  • CVE-2008-6128Feb 13, 2009
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2008-6127Feb 13, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to…

  • CVE-2008-6126Feb 13, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.

  • CVE-2009-0576Feb 13, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.

  • CVE-2009-0575Feb 13, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or…

  • CVE-2009-0574Feb 13, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.

  • CVE-2009-0573Feb 13, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.

  • CVE-2009-0572Feb 13, 2009
    risk 0.04cvss epss 0.06

    PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter…