VYPR

CVEs

345,015 total · page 6219 of 6,901

  • CVE-2008-5823Jan 2, 2009
    risk 0.01cvss epss 0.08

    An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.

  • CVE-2008-5822Jan 2, 2009
    risk 0.00cvss epss 0.02

    Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document.

  • CVE-2008-5821Jan 2, 2009
    risk 0.03cvss epss 0.04

    Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.

  • CVE-2008-2381Jan 2, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

  • CVE-2008-5820Jan 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

  • CVE-2008-5819Jan 2, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third…

  • CVE-2008-5818Jan 2, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third…

  • CVE-2008-5817Jan 2, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.

  • CVE-2008-5816Jan 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.

  • CVE-2008-5815Jan 2, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5814Jan 2, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to…

  • CVE-2008-5813Jan 2, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5812Jan 2, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.

  • CVE-2008-5811Jan 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.

  • CVE-2008-5810Jan 2, 2009
    risk 0.00cvss epss 0.04

    WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup,…

  • CVE-2008-5809Jan 2, 2009
    risk 0.00cvss epss 0.01

    futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a…

  • CVE-2008-5808Jan 2, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web…

  • CVE-2008-2383Jan 2, 2009
    risk 0.00cvss epss 0.05

    CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and…

  • CVE-2006-7236Jan 2, 2009
    risk 0.04cvss epss 0.07

    The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.

  • CVE-2008-5807Dec 31, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.

  • CVE-2008-5806Dec 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information.

  • CVE-2008-5805Dec 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.

  • CVE-2008-5804Dec 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.

  • CVE-2008-5803Dec 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.

  • CVE-2008-5802Dec 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

  • CVE-2008-5801Dec 31, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.

  • CVE-2008-5800Dec 31, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-5799Dec 31, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-5798Dec 31, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-5797Dec 31, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-5796Dec 31, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-5795Dec 31, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-5794Dec 31, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.

  • CVE-2008-5793Dec 31, 2008
    risk 0.04cvss epss 0.15

    Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b)…

  • CVE-2008-5792Dec 31, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.

  • CVE-2008-5791Dec 31, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.

  • CVE-2008-5790Dec 31, 2008
    risk 0.05cvss epss 0.24

    Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php…

  • CVE-2008-5789Dec 31, 2008
    risk 0.05cvss epss 0.30

    Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php…

  • CVE-2008-5788Dec 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5787Dec 31, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.

  • CVE-2008-5786Dec 31, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter.

  • CVE-2008-5785Dec 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

  • CVE-2008-5784CriDec 31, 2008
    risk 0.67cvss 9.8epss 0.07

    V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

  • CVE-2008-5783Dec 31, 2008
    risk 0.03cvss epss 0.03

    admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

  • CVE-2008-5782Dec 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

  • CVE-2008-5781Dec 30, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.

  • CVE-2008-5780Dec 30, 2008
    risk 0.03cvss epss 0.03

    Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.

  • CVE-2008-5779Dec 30, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5778Dec 30, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

  • CVE-2008-5777Dec 30, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.