VYPR

CVEs

344,996 total · page 6223 of 6,900

  • CVE-2008-5638Dec 17, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.

  • CVE-2008-5637Dec 17, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.

  • CVE-2008-5636Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-5635Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5634Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5633Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5632Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5631Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5630Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.

  • CVE-2008-5629Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.

  • CVE-2008-5628Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.

  • CVE-2008-5627Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5626Dec 17, 2008
    risk 0.06cvss epss 0.36

    XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.

  • CVE-2008-5625Dec 17, 2008
    risk 0.04cvss epss 0.07

    PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.

  • CVE-2008-5624Dec 17, 2008
    risk 0.00cvss epss 0.02

    PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as…

  • CVE-2008-5558Dec 17, 2008
    risk 0.00cvss epss 0.02

    Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname…

  • CVE-2008-5621Dec 17, 2008
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other…

  • CVE-2008-5620Dec 17, 2008
    risk 0.00cvss epss 0.03

    RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.

  • CVE-2008-5619Dec 17, 2008
    risk 0.00cvss epss 0.54

    html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the…

  • CVE-2008-5618Dec 17, 2008
    risk 0.00cvss epss 0.01

    imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.

  • CVE-2008-5617Dec 17, 2008
    risk 0.00cvss epss 0.02

    The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.

  • CVE-2008-5081Dec 17, 2008
    risk 0.08cvss epss 0.59

    The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.

  • CVE-2008-5616Dec 17, 2008
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

  • CVE-2008-5609Dec 17, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-4237Dec 17, 2008
    risk 0.00cvss epss 0.02

    Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock…

  • CVE-2008-4236Dec 17, 2008
    risk 0.00cvss epss 0.02

    Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file.

  • CVE-2008-4234Dec 17, 2008
    risk 0.00cvss epss 0.05

    Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which…

  • CVE-2008-4224Dec 17, 2008
    risk 0.00cvss epss 0.02

    UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.

  • CVE-2008-4223Dec 17, 2008
    risk 0.00cvss epss 0.05

    Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.

  • CVE-2008-4222Dec 17, 2008
    risk 0.00cvss epss 0.04

    natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.

  • CVE-2008-4221Dec 17, 2008
    risk 0.00cvss epss 0.03

    The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.

  • CVE-2008-4220Dec 17, 2008
    risk 0.00cvss epss 0.04

    Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory…

  • CVE-2008-4219Dec 17, 2008
    risk 0.00cvss epss 0.00

    The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.

  • CVE-2008-4218Dec 17, 2008
    risk 0.00cvss epss 0.00

    Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.

  • CVE-2008-4217Dec 17, 2008
    risk 0.00cvss epss 0.05

    Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.

  • CVE-2008-5608Dec 16, 2008
    risk 0.03cvss epss 0.03

    ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.

  • CVE-2008-5607Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

  • CVE-2008-5606Dec 16, 2008
    risk 0.03cvss epss 0.03

    Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.

  • CVE-2008-5605Dec 16, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.

  • CVE-2008-5604Dec 16, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.

  • CVE-2008-5603Dec 16, 2008
    risk 0.03cvss epss 0.03

    ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.

  • CVE-2008-5602Dec 16, 2008
    risk 0.03cvss epss 0.03

    Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.

  • CVE-2008-5601Dec 16, 2008
    risk 0.03cvss epss 0.03

    User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.

  • CVE-2008-5600Dec 16, 2008
    risk 0.03cvss epss 0.03

    Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.

  • CVE-2008-5599Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5598Dec 16, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter.

  • CVE-2008-5597Dec 16, 2008
    risk 0.03cvss epss 0.03

    Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.

  • CVE-2008-5596Dec 16, 2008
    risk 0.03cvss epss 0.03

    Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.

  • CVE-2008-5595Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2008-5594Dec 16, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.