VYPR

CVEs

345,015 total · page 6217 of 6,901

  • CVE-2008-5900Jan 12, 2009
    risk 0.04cvss epss 0.06

    CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these…

  • CVE-2008-5899Jan 12, 2009
    risk 0.04cvss epss 0.06

    CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these…

  • CVE-2008-5898Jan 12, 2009
    risk 0.04cvss epss 0.06

    CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these…

  • CVE-2008-5897Jan 12, 2009
    risk 0.04cvss epss 0.06

    CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of…

  • CVE-2008-5896Jan 12, 2009
    risk 0.03cvss epss 0.02

    CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these…

  • CVE-2008-5895Jan 12, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.

  • CVE-2008-5894Jan 12, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2008-5893Jan 12, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.

  • CVE-2008-5892Jan 12, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and…

  • CVE-2008-5891Jan 12, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5890Jan 12, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5889Jan 12, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.

  • CVE-2008-5888Jan 12, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in…

  • CVE-2008-5887Jan 12, 2009
    risk 0.01cvss epss 0.09

    phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."

  • CVE-2008-5886Jan 12, 2009
    risk 0.03cvss epss 0.03

    TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are…

  • CVE-2008-5885Jan 12, 2009
    risk 0.04cvss epss 0.06

    The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are…

  • CVE-2008-5884Jan 12, 2009
    risk 0.03cvss epss 0.02

    AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a GIF file with a malformed header.

  • CVE-2008-5883Jan 12, 2009
    risk 0.03cvss epss 0.03

    Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.

  • CVE-2009-0113Jan 9, 2009
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.

  • CVE-2009-0112Jan 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters.

  • CVE-2009-0111Jan 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2009-0110Jan 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

  • CVE-2009-0109Jan 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2009-0108Jan 9, 2009
    risk 0.03cvss epss 0.03

    PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.

  • CVE-2009-0107Jan 9, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

  • CVE-2009-0106Jan 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

  • CVE-2009-0105Jan 9, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action.

  • CVE-2009-0104Jan 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action.

  • CVE-2009-0103Jan 9, 2009
    risk 0.04cvss epss 0.10

    Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and…

  • CVE-2008-5882Jan 9, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.

  • CVE-2008-5881Jan 9, 2009
    risk 0.04cvss epss 0.07

    Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to…

  • CVE-2009-0072Jan 8, 2009
    risk 0.01cvss epss 0.09

    Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.

  • CVE-2009-0071Jan 8, 2009
    risk 0.04cvss epss 0.07

    Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2)…

  • CVE-2009-0070Jan 8, 2009
    risk 0.03cvss epss 0.03

    Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function,…

  • CVE-2009-0043Jan 8, 2009
    risk 0.07cvss epss 0.46

    The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2008-5880Jan 8, 2009
    risk 0.03cvss epss 0.03

    admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".

  • CVE-2008-5879Jan 8, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors.

  • CVE-2008-5878Jan 8, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname…

  • CVE-2008-5877Jan 8, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php,…

  • CVE-2008-5876Jan 8, 2009
    risk 0.00cvss epss 0.04

    Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader.

  • CVE-2008-5875Jan 8, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.

  • CVE-2008-5874Jan 8, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. …

  • CVE-2008-4827Jan 8, 2009
    risk 0.01cvss epss 0.07

    Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8,…

  • CVE-2008-3819Jan 8, 2009
    risk 0.00cvss epss 0.01

    dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.

  • CVE-2008-0067Jan 8, 2009
    risk 0.08cvss epss 0.63

    Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program,…

  • CVE-2008-5873Jan 8, 2009
    risk 0.03cvss epss 0.03

    Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.

  • CVE-2008-5872Jan 8, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a…

  • CVE-2008-5871Jan 8, 2009
    risk 0.00cvss epss 0.02

    Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.

  • CVE-2008-5870Jan 8, 2009
    risk 0.03cvss epss 0.02

    FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.

  • CVE-2008-5869Jan 8, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID.