VYPR

CVEs

345,040 total · page 6206 of 6,901

  • CVE-2009-0464Feb 10, 2009
    risk 0.03cvss epss 0.05

    PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

  • CVE-2009-0463Feb 10, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

  • CVE-2009-0462Feb 10, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp.…

  • CVE-2009-0461Feb 10, 2009
    risk 0.03cvss epss 0.03

    Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.

  • CVE-2009-0460Feb 10, 2009
    risk 0.03cvss epss 0.03

    Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.

  • CVE-2009-0459Feb 10, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of…

  • CVE-2009-0458Feb 10, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are…

  • CVE-2009-0457Feb 10, 2009
    risk 0.03cvss epss 0.06

    Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the…

  • CVE-2009-0456Feb 10, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter.

  • CVE-2009-0454Feb 10, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. NOTE: some third parties report inability to verify this issue.

  • CVE-2009-0453Feb 10, 2009
    risk 0.03cvss epss 0.03

    Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

  • CVE-2009-0452Feb 10, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter.

  • CVE-2009-0451Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote attackers to execute arbitrary SQL commands via the Admin name field to the default URI under admin/.

  • CVE-2009-0450Feb 10, 2009
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.

  • CVE-2009-0449Feb 10, 2009
    risk 0.03cvss epss 0.01

    Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.

  • CVE-2009-0448Feb 10, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the synTarget parameter.

  • CVE-2009-0447Feb 10, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under…

  • CVE-2009-0446Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-0445Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.

  • CVE-2009-0444Feb 10, 2009
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b)…

  • CVE-2009-0443Feb 10, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL.

  • CVE-2009-0442Feb 10, 2009
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1.3h allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.

  • CVE-2009-0441Feb 10, 2009
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than…

  • CVE-2009-0417Feb 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web…

  • CVE-2008-6073Feb 10, 2009
    risk 0.00cvss epss 0.00

    StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-6072Feb 10, 2009
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images.

  • CVE-2008-6071Feb 10, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details…

  • CVE-2008-6070Feb 10, 2009
    risk 0.00cvss epss 0.04

    Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than…

  • CVE-2008-6069Feb 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.

  • CVE-2008-6068Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.

  • CVE-2009-0502Feb 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not…

  • CVE-2009-0501Feb 10, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors.

  • CVE-2009-0500Feb 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it…

  • CVE-2009-0499Feb 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.

  • CVE-2009-0498Feb 10, 2009
    risk 0.03cvss epss 0.02

    Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb.

  • CVE-2009-0497Feb 10, 2009
    risk 0.04cvss epss 0.08

    Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.

  • CVE-2009-0496Feb 10, 2009
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username…

  • CVE-2009-0495Feb 10, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter.

  • CVE-2009-0494Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.

  • CVE-2009-0493Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username.

  • CVE-2009-0492Feb 10, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."

  • CVE-2009-0491Feb 10, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.

  • CVE-2009-0490Feb 10, 2009
    risk 0.04cvss epss 0.17

    Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file…

  • CVE-2009-0489Feb 9, 2009
    risk 0.00cvss epss 0.00

    The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.

  • CVE-2009-0488Feb 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-0487Feb 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.

  • CVE-2008-6098Feb 9, 2009
    risk 0.00cvss epss 0.01

    Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to…

  • CVE-2009-0486Feb 9, 2009
    risk 0.00cvss epss 0.01

    Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request…

  • CVE-2009-0485Feb 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.

  • CVE-2009-0484Feb 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi.