VYPR

CVEs

344,987 total · page 6242 of 6,900

  • CVE-2008-4642Oct 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

  • CVE-2008-4641Oct 21, 2008
    risk 0.00cvss epss 0.02

    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.

  • CVE-2008-4640Oct 21, 2008
    risk 0.00cvss epss 0.00

    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by…

  • CVE-2008-4639Oct 21, 2008
    risk 0.00cvss epss 0.00

    jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

  • CVE-2008-4638Oct 21, 2008
    risk 0.00cvss epss 0.00

    qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.

  • CVE-2008-4637Oct 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.

  • CVE-2008-4121Oct 21, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to…

  • CVE-2008-3248Oct 21, 2008
    risk 0.00cvss epss 0.00

    qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating…

  • CVE-2007-4350Oct 21, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.

  • CVE-2008-4635Oct 21, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors.

  • CVE-2008-4634Oct 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.

  • CVE-2008-4633Oct 21, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."

  • CVE-2008-4632Oct 21, 2008
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.

  • CVE-2008-4631Oct 21, 2008
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these details are obtained from…

  • CVE-2008-4630Oct 21, 2008
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.

  • CVE-2008-4629Oct 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-4628Oct 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.

  • CVE-2008-4627Oct 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.

  • CVE-2008-4626Oct 21, 2008
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files…

  • CVE-2008-4625Oct 21, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.

  • CVE-2008-4624Oct 21, 2008
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.

  • CVE-2008-4623Oct 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.

  • CVE-2008-4622Oct 21, 2008
    risk 0.03cvss epss 0.03

    The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.

  • CVE-2008-4621Oct 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.

  • CVE-2008-4620Oct 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.

  • CVE-2008-1547Oct 21, 2008
    risk 0.07cvss epss 0.46

    Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.

  • CVE-2008-4619Oct 21, 2008
    risk 0.04cvss epss 0.12

    The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of…

  • CVE-2008-4618Oct 21, 2008
    risk 0.00cvss epss 0.03

    The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related…

  • CVE-2008-4617Oct 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4616Oct 20, 2008
    risk 0.04cvss epss 0.07

    The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.

  • CVE-2008-4615Oct 20, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

  • CVE-2008-4614Oct 20, 2008
    risk 0.03cvss epss 0.03

    PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.

  • CVE-2008-4613Oct 20, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

  • CVE-2008-4612Oct 20, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp.

  • CVE-2008-4611Oct 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

  • CVE-2008-4610Oct 20, 2008
    risk 0.04cvss epss 0.09

    MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.

  • CVE-2008-4609Oct 20, 2008
    risk 0.03cvss epss 0.32

    The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate…

  • CVE-2008-3831Oct 20, 2008
    risk 0.00cvss epss 0.01

    The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial…

  • CVE-2007-6718Oct 20, 2008
    risk 0.00cvss epss 0.01

    MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as…

  • CVE-2008-4606Oct 18, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already…

  • CVE-2008-4605Oct 18, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.

  • CVE-2008-4604Oct 18, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

  • CVE-2008-4603Oct 18, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.

  • CVE-2008-4602Oct 18, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter.

  • CVE-2008-4601Oct 18, 2008
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.

  • CVE-2008-4600Oct 18, 2008
    risk 0.03cvss epss 0.03

    configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.

  • CVE-2008-4599Oct 18, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-4598Oct 17, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597.

  • CVE-2008-4597Oct 17, 2008
    risk 0.00cvss epss 0.01

    Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors.

  • CVE-2008-4596Oct 17, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages.