VYPR

CVEs

344,996 total · page 6224 of 6,900

  • CVE-2008-5593Dec 16, 2008
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.

  • CVE-2008-5592Dec 16, 2008
    risk 0.03cvss epss 0.03

    Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb.

  • CVE-2008-5591Dec 16, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party…

  • CVE-2008-5590Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.

  • CVE-2008-5589Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are…

  • CVE-2008-5588Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.

  • CVE-2008-5587Dec 16, 2008
    risk 0.04cvss epss 0.13

    Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.

  • CVE-2008-5586Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.

  • CVE-2008-5585Dec 16, 2008
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.

  • CVE-2008-5584Dec 15, 2008
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php.

  • CVE-2008-5583Dec 15, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action.

  • CVE-2008-5582Dec 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter.

  • CVE-2008-5581Dec 15, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.

  • CVE-2008-5580Dec 15, 2008
    risk 0.03cvss epss 0.03

    mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument.

  • CVE-2008-5579Dec 15, 2008
    risk 0.03cvss epss 0.03

    Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.

  • CVE-2008-5578Dec 15, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a…

  • CVE-2008-5577Dec 15, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter.

  • CVE-2008-5576Dec 15, 2008
    risk 0.03cvss epss 0.03

    admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.

  • CVE-2008-5575Dec 15, 2008
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2008-5574Dec 15, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter.

  • CVE-2008-5573Dec 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.

  • CVE-2008-5572Dec 15, 2008
    risk 0.04cvss epss 0.07

    Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.

  • CVE-2008-5571Dec 15, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained…

  • CVE-2008-5570Dec 15, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2008-5569Dec 15, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.

  • CVE-2008-5568Dec 15, 2008
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.

  • CVE-2008-5567Dec 15, 2008
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.

  • CVE-2008-5566Dec 15, 2008
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

  • CVE-2008-5565Dec 15, 2008
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.

  • CVE-2008-5564Dec 15, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the media server in Orb Networks Orb before 2.01.0025 allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.

  • CVE-2008-5563Dec 15, 2008
    risk 0.00cvss epss 0.02

    Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame.

  • CVE-2008-5562Dec 15, 2008
    risk 0.03cvss epss 0.05

    ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.

  • CVE-2008-5561Dec 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.

  • CVE-2008-5560Dec 15, 2008
    risk 0.03cvss epss 0.03

    PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.

  • CVE-2008-5559Dec 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-5430Dec 13, 2008
    risk 0.00cvss epss 0.01

    Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of service (stack consumption or…

  • CVE-2008-5556Dec 12, 2008
    risk 0.01cvss epss 0.11

    The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7…

  • CVE-2008-5555Dec 12, 2008
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this…

  • CVE-2008-5554Dec 12, 2008
    risk 0.01cvss epss 0.15

    The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1)…

  • CVE-2008-5553Dec 12, 2008
    risk 0.01cvss epss 0.12

    The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE:…

  • CVE-2008-5552Dec 12, 2008
    risk 0.01cvss epss 0.12

    The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE:…

  • CVE-2008-5551Dec 12, 2008
    risk 0.04cvss epss 0.14

    The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a…

  • CVE-2008-5550Dec 12, 2008
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.

  • CVE-2008-5549Dec 12, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."

  • CVE-2008-5548Dec 12, 2008
    risk 0.00cvss epss 0.02

    VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a…

  • CVE-2008-5547Dec 12, 2008
    risk 0.00cvss epss 0.02

    HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no…

  • CVE-2008-5546Dec 12, 2008
    risk 0.00cvss epss 0.02

    VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5545Dec 12, 2008
    risk 0.00cvss epss 0.03

    Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no…

  • CVE-2008-5544Dec 12, 2008
    risk 0.00cvss epss 0.02

    Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no…

  • CVE-2008-5543Dec 12, 2008
    risk 0.00cvss epss 0.03

    Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…