VYPR

CVEs

345,040 total · page 6205 of 6,901

  • CVE-2008-6119Feb 11, 2009
    risk 0.03cvss epss 0.02

    Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is…

  • CVE-2008-6118Feb 11, 2009
    risk 0.03cvss epss 0.03

    win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.

  • CVE-2008-6117Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.

  • CVE-2008-6116Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.

  • CVE-2008-6115Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.

  • CVE-2008-6114Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.

  • CVE-2008-6113Feb 11, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page.

  • CVE-2008-6112Feb 11, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/.

  • CVE-2008-6111Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter.

  • CVE-2008-6110Feb 11, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in SemanticScuttle before 0.90 has unknown impact and attack vectors related to improper validation of parameters to profile.php.

  • CVE-2009-0517Feb 11, 2009
    risk 0.07cvss epss 0.55

    Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these…

  • CVE-2009-0516Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

  • CVE-2009-0515Feb 11, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2009-0514Feb 11, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php.

  • CVE-2009-0513Feb 11, 2009
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/.

  • CVE-2009-0475Feb 11, 2009
    risk 0.00cvss epss 0.02

    Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption.

  • CVE-2009-0455Feb 11, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.

  • CVE-2008-6109Feb 11, 2009
    risk 0.00cvss epss 0.00

    Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a…

  • CVE-2009-0438Feb 10, 2009
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412.

  • CVE-2009-0437Feb 10, 2009
    risk 0.00cvss epss 0.00

    The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.

  • CVE-2009-0436Feb 10, 2009
    risk 0.00cvss epss 0.00

    The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.

  • CVE-2009-0435Feb 10, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors…

  • CVE-2009-0434Feb 10, 2009
    risk 0.00cvss epss 0.00

    PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by…

  • CVE-2009-0433Feb 10, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors,…

  • CVE-2009-0432Feb 10, 2009
    risk 0.00cvss epss 0.02

    The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified…

  • CVE-2009-0305Feb 10, 2009
    risk 0.01cvss epss 0.17

    Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.

  • CVE-2009-0099Feb 10, 2009
    risk 0.02cvss epss 0.26

    The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI…

  • CVE-2009-0098Feb 10, 2009
    risk 0.02cvss epss 0.25

    Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption…

  • CVE-2009-0097Feb 10, 2009
    risk 0.02cvss epss 0.23

    Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."

  • CVE-2009-0096Feb 10, 2009
    risk 0.02cvss epss 0.23

    Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."

  • CVE-2009-0095Feb 10, 2009
    risk 0.02cvss epss 0.23

    Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."

  • CVE-2009-0076Feb 10, 2009
    risk 0.06cvss epss 0.34

    Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka…

  • CVE-2009-0075Feb 10, 2009
    risk 0.10cvss epss 0.85

    Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized…

  • CVE-2008-4284Feb 10, 2009
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing…

  • CVE-2008-4283Feb 10, 2009
    risk 0.00cvss epss 0.03

    CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

  • CVE-2008-6108Feb 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.

  • CVE-2008-6107Feb 10, 2009
    risk 0.00cvss epss 0.00

    The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address…

  • CVE-2008-6106Feb 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these details are obtained from third party information.

  • CVE-2008-6105Feb 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from…

  • CVE-2008-6104Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php.

  • CVE-2008-6103Feb 10, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter.

  • CVE-2008-6102Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.

  • CVE-2008-6101Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.

  • CVE-2008-6100Feb 10, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php.

  • CVE-2008-6099Feb 10, 2009
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter.

  • CVE-2009-0469Feb 10, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.

  • CVE-2009-0468Feb 10, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network…

  • CVE-2009-0467Feb 10, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.

  • CVE-2009-0466Feb 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response.

  • CVE-2009-0465Feb 10, 2009
    risk 0.03cvss epss 0.04

    The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename…