VYPR

CVEs

345,015 total · page 6209 of 6,901

  • CVE-2009-0398Feb 3, 2009
    risk 0.00cvss epss 0.03

    Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file.

  • CVE-2009-0397Feb 3, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via…

  • CVE-2008-6045Feb 3, 2009
    risk 0.03cvss epss 0.03

    Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.

  • CVE-2008-6044Feb 3, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

  • CVE-2008-6043Feb 3, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from…

  • CVE-2008-6042Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php.

  • CVE-2008-6041Feb 3, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters.

  • CVE-2008-6040Feb 3, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php.

  • CVE-2008-6039Feb 3, 2009
    risk 0.03cvss epss 0.02

    Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2008-6038Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php.

  • CVE-2008-6037Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter.

  • CVE-2008-6036Feb 3, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.

  • CVE-2008-6035Feb 3, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.

  • CVE-2008-6034Feb 3, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-6033Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-6032Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-6031Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable.

  • CVE-2008-6030Feb 3, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php.

  • CVE-2008-6029Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.

  • CVE-2008-6028Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action.

  • CVE-2008-6027Feb 3, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in BLUEPAGE CMS 2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) whl, (2) var_1, and (3) search parameters.

  • CVE-2008-6026Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-6025Feb 3, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter.

  • CVE-2009-0396Feb 3, 2009
    risk 0.00cvss epss 0.02

    The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948.

  • CVE-2009-0395Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

  • CVE-2009-0394Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter.

  • CVE-2009-0393Feb 3, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.

  • CVE-2009-0392Feb 3, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.

  • CVE-2009-0391Feb 2, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors.

  • CVE-2009-0390Feb 2, 2009
    risk 0.03cvss epss 0.01

    Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program.

  • CVE-2009-0273Feb 2, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other…

  • CVE-2009-0272Feb 2, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.

  • CVE-2008-4990Feb 2, 2009
    risk 0.00cvss epss 0.00

    Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.

  • CVE-2009-0389Feb 2, 2009
    risk 0.04cvss epss 0.09

    Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from…

  • CVE-2008-6024Feb 2, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial of service (unresponsive NFS filesystems) via unknown vectors.

  • CVE-2008-6023Feb 2, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.

  • CVE-2008-6022Feb 2, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter.

  • CVE-2008-6021Feb 2, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis."

  • CVE-2008-6020Feb 2, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."

  • CVE-2008-6019Feb 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-6018Feb 2, 2009
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.

  • CVE-2008-6017Feb 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter.

  • CVE-2009-0387Feb 2, 2009
    risk 0.01cvss epss 0.06

    Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync…

  • CVE-2009-0386Feb 2, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a…

  • CVE-2009-0385Feb 2, 2009
    risk 0.01cvss epss 0.07

    Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

  • CVE-2009-0384Feb 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-0383Feb 2, 2009
    risk 0.03cvss epss 0.03

    delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.

  • CVE-2009-0382Feb 2, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors.

  • CVE-2009-0381Feb 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.

  • CVE-2009-0380Feb 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. …