VYPR

CVEs

344,987 total · page 6237 of 6,900

  • CVE-2008-4929HigNov 4, 2008
    risk 0.49cvss 7.5epss 0.02

    MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.

  • CVE-2008-4928Nov 4, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the…

  • CVE-2008-4927Nov 4, 2008
    risk 0.00cvss epss 0.04

    Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-4926Nov 4, 2008
    risk 0.04cvss epss 0.07

    Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

  • CVE-2008-4925Nov 4, 2008
    risk 0.04cvss epss 0.07

    Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

  • CVE-2008-4924Nov 4, 2008
    risk 0.04cvss epss 0.07

    Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

  • CVE-2008-4923Nov 4, 2008
    risk 0.04cvss epss 0.07

    Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

  • CVE-2008-4922Nov 4, 2008
    risk 0.06cvss epss 0.33

    Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.

  • CVE-2008-4921Nov 4, 2008
    risk 0.00cvss epss 0.03

    board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information.

  • CVE-2008-4919Nov 4, 2008
    risk 0.03cvss epss 0.03

    Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method.

  • CVE-2008-4918Nov 4, 2008
    risk 0.04cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content…

  • CVE-2008-4306Nov 4, 2008
    risk 0.00cvss epss 0.02

    Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.

  • CVE-2008-4413Nov 4, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary…

  • CVE-2008-2992HigKEVNov 4, 2008
    risk 0.80cvss 7.8epss 0.98

    Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

  • CVE-2008-4907Nov 4, 2008
    risk 0.03cvss epss 0.06

    The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid…

  • CVE-2008-4906Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-4905HigNov 4, 2008
    risk 0.49cvss 7.5epss 0.01

    Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack.

  • CVE-2008-4904Nov 4, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.

  • CVE-2008-4903Nov 4, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters.

  • CVE-2008-4902Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.

  • CVE-2008-4901Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2008-4900Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4899Nov 4, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

  • CVE-2008-4898Nov 4, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action.

  • CVE-2008-4897Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter.

  • CVE-2008-4896Nov 4, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Logz CMS 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the art parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-4895Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4894Nov 4, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory…

  • CVE-2008-4893Nov 4, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parameter. NOTE: the…

  • CVE-2008-4892Nov 4, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from…

  • CVE-2008-4891Nov 4, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-4913Nov 4, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.

  • CVE-2008-4912Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

  • CVE-2008-4911Nov 4, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter.

  • CVE-2008-4910Nov 4, 2008
    risk 0.04cvss epss 0.10

    The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.

  • CVE-2008-4909Nov 4, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors.

  • CVE-2008-4908Nov 4, 2008
    risk 0.00cvss epss 0.00

    maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

  • CVE-2008-4890Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4889Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.

  • CVE-2008-4888Nov 4, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information.

  • CVE-2008-4887Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party…

  • CVE-2008-4886Nov 4, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter.

  • CVE-2008-4885Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4884Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4883Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4882Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4881Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4880Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.

  • CVE-2008-4879Nov 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.

  • CVE-2008-3868Nov 3, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts.