VYPR

CVEs

344,989 total · page 6231 of 6,900

  • CVE-2008-5210Nov 24, 2008
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4)…

  • CVE-2008-5209Nov 24, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

  • CVE-2008-5208Nov 24, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

  • CVE-2008-5207Nov 21, 2008
    risk 0.00cvss epss 0.01

    Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details…

  • CVE-2008-5206Nov 21, 2008
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2008-5205Nov 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action.

  • CVE-2008-5204Nov 21, 2008
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3)…

  • CVE-2008-5203Nov 21, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.

  • CVE-2008-5202Nov 21, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.

  • CVE-2008-5201Nov 21, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC…

  • CVE-2008-5200Nov 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

  • CVE-2008-5199Nov 21, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.

  • CVE-2008-5198Nov 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.

  • CVE-2008-5197Nov 21, 2008
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.

  • CVE-2008-5196Nov 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.

  • CVE-2008-5195Nov 21, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.

  • CVE-2008-5194Nov 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5193Nov 21, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.

  • CVE-2008-5192Nov 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.

  • CVE-2008-5191Nov 21, 2008
    risk 0.04cvss epss 0.18

    Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.

  • CVE-2008-5190Nov 21, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.

  • CVE-2008-5189Nov 21, 2008
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

  • CVE-2008-5188Nov 21, 2008
    risk 0.00cvss epss 0.00

    The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.

  • CVE-2008-5187Nov 21, 2008
    risk 0.00cvss epss 0.04

    The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a…

  • CVE-2008-5186Nov 21, 2008
    risk 0.00cvss epss 0.02

    The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a…

  • CVE-2008-5185Nov 21, 2008
    risk 0.03cvss epss 0.04

    The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".

  • CVE-2008-5184Nov 21, 2008
    risk 0.00cvss epss 0.04

    The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription…

  • CVE-2008-5183HigNov 21, 2008
    risk 0.52cvss 7.5epss 0.09

    cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging…

  • CVE-2008-5182Nov 21, 2008
    risk 0.00cvss epss 0.00

    The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.

  • CVE-2008-5181Nov 20, 2008
    risk 0.01cvss epss 0.13

    Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons.

  • CVE-2008-5180MedNov 20, 2008
    risk 0.43cvss 5.3epss 0.68

    Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

  • CVE-2008-5179Nov 20, 2008
    risk 0.01cvss epss 0.16

    Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.

  • CVE-2008-5178Nov 20, 2008
    risk 0.06cvss epss 0.32

    Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.

  • CVE-2008-5177Nov 20, 2008
    risk 0.04cvss epss 0.17

    Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a…

  • CVE-2008-5176Nov 20, 2008
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP…

  • CVE-2008-5175Nov 19, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.

  • CVE-2008-5174Nov 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.

  • CVE-2008-5173Nov 19, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.

  • CVE-2008-5172Nov 19, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of…

  • CVE-2008-5171Nov 19, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin…

  • CVE-2008-5170Nov 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

  • CVE-2008-5169Nov 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.

  • CVE-2008-5168Nov 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.

  • CVE-2008-5167Nov 19, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.

  • CVE-2008-5166Nov 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.

  • CVE-2008-5165Nov 19, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.

  • CVE-2008-5164Nov 19, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.

  • CVE-2008-5163Nov 19, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.

  • CVE-2008-5161LowNov 19, 2008
    risk 0.28cvss 3.7epss 0.15

    Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and…

  • CVE-2008-5160Nov 18, 2008
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."