VYPR

CVEs

344,987 total · page 6239 of 6,900

  • CVE-2008-4784Oct 29, 2008
    risk 0.03cvss epss 0.03

    aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.

  • CVE-2008-4783Oct 29, 2008
    risk 0.03cvss epss 0.03

    tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin."

  • CVE-2008-4782Oct 29, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.

  • CVE-2008-4781Oct 29, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.

  • CVE-2008-4780Oct 29, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.

  • CVE-2008-4779Oct 29, 2008
    risk 0.08cvss epss 0.65

    Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.

  • CVE-2008-4778Oct 29, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.

  • CVE-2008-4777Oct 29, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

  • CVE-2008-4776Oct 28, 2008
    risk 0.00cvss epss 0.01

    libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.

  • CVE-2008-4775Oct 28, 2008
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than…

  • CVE-2008-4774Oct 28, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.

  • CVE-2008-4773Oct 28, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.

  • CVE-2008-4772Oct 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.

  • CVE-2008-4771Oct 28, 2008
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly…

  • CVE-2008-4769Oct 28, 2008
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details…

  • CVE-2008-4768Oct 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-2007-4808. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-4767Oct 28, 2008
    risk 0.03cvss epss 0.04

    Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of…

  • CVE-2008-4766Oct 28, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-4765Oct 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

  • CVE-2008-4764Oct 28, 2008
    risk 0.04cvss epss 0.17

    Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.

  • CVE-2008-4763Oct 28, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable.

  • CVE-2008-4762Oct 28, 2008
    risk 0.04cvss epss 0.14

    Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.

  • CVE-2008-4761Oct 28, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the…

  • CVE-2008-4760Oct 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4759Oct 28, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.

  • CVE-2008-4758Oct 28, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.

  • CVE-2008-4757Oct 28, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.

  • CVE-2008-4756Oct 28, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.

  • CVE-2008-4755Oct 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4754Oct 27, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.

  • CVE-2008-4753Oct 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.

  • CVE-2008-4752Oct 27, 2008
    risk 0.03cvss epss 0.03

    TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.

  • CVE-2008-4751Oct 27, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.

  • CVE-2008-4750Oct 27, 2008
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property.

  • CVE-2008-4749Oct 27, 2008
    risk 0.03cvss epss 0.03

    Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile…

  • CVE-2008-4748Oct 27, 2008
    risk 0.04cvss epss 0.08

    Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.

  • CVE-2008-4747Oct 27, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.

  • CVE-2008-4746Oct 27, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp.

  • CVE-2008-4745Oct 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-4744Oct 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.

  • CVE-2008-4743Oct 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2008-4742Oct 27, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters.

  • CVE-2008-4741Oct 27, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.

  • CVE-2008-4740Oct 27, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template]…

  • CVE-2006-7234Oct 27, 2008
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.

  • CVE-2008-4739Oct 24, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.

  • CVE-2008-4738Oct 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4737Oct 24, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter.

  • CVE-2008-4736Oct 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.

  • CVE-2008-4735Oct 24, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter.