VYPR

CVEs

344,987 total · page 6251 of 6,900

  • CVE-2008-4060Sep 24, 2008
    risk 0.00cvss epss 0.05

    Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the…

  • CVE-2008-4059Sep 24, 2008
    risk 0.00cvss epss 0.05

    The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

  • CVE-2008-4058Sep 24, 2008
    risk 0.00cvss epss 0.05

    The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome…

  • CVE-2008-3837Sep 24, 2008
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that…

  • CVE-2008-3836Sep 24, 2008
    risk 0.00cvss epss 0.03

    feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.

  • CVE-2008-3835Sep 24, 2008
    risk 0.00cvss epss 0.02

    The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

  • CVE-2008-0016Sep 24, 2008
    risk 0.07cvss epss 0.44

    Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.

  • CVE-2008-4208Sep 24, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in OSADS Alliance Database before 2.1 has unknown impact and attack vectors, possibly related to includes/functions.php, a different issue than CVE-2006-2874.

  • CVE-2008-4207Sep 24, 2008
    risk 0.03cvss epss 0.03

    Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party…

  • CVE-2008-4206Sep 24, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.

  • CVE-2008-4205Sep 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information.

  • CVE-2008-4204Sep 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.

  • CVE-2008-4203Sep 24, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.

  • CVE-2008-4202Sep 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action.

  • CVE-2008-3663Sep 24, 2008
    risk 0.00cvss epss 0.02

    Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

  • CVE-2008-3098Sep 24, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.

  • CVE-2008-4201Sep 24, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

  • CVE-2008-4194Sep 24, 2008
    risk 0.04cvss epss 0.07

    The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."

  • CVE-2008-4193Sep 24, 2008
    risk 0.09cvss epss 0.75

    Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.

  • CVE-2008-4191Sep 24, 2008
    risk 0.00cvss epss 0.00

    extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.

  • CVE-2008-4190Sep 24, 2008
    risk 0.03cvss epss 0.01

    The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions…

  • CVE-2008-3102Sep 24, 2008
    risk 0.00cvss epss 0.02

    Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

  • CVE-2008-4153Sep 24, 2008
    risk 0.00cvss epss 0.01

    The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information.

  • CVE-2008-4152Sep 24, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title.

  • CVE-2008-4151Sep 24, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter.

  • CVE-2008-4150Sep 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.

  • CVE-2008-4149Sep 24, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.

  • CVE-2008-4148Sep 24, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.

  • CVE-2008-4147Sep 24, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type.

  • CVE-2008-4146Sep 24, 2008
    risk 0.03cvss epss 0.02

    Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.

  • CVE-2008-4145Sep 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

  • CVE-2008-4144Sep 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action.

  • CVE-2008-4143Sep 24, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4142Sep 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.

  • CVE-2008-4141Sep 24, 2008
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.

  • CVE-2008-4140Sep 24, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2008-4139Sep 24, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2008-4138Sep 24, 2008
    risk 0.04cvss epss 0.10

    PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.

  • CVE-2008-4137Sep 24, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter.

  • CVE-2008-4136Sep 24, 2008
    risk 0.03cvss epss 0.03

    Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames.

  • CVE-2008-4188Sep 23, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."

  • CVE-2008-4187Sep 23, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

  • CVE-2008-4186Sep 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-4185Sep 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.

  • CVE-2008-4184Sep 23, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-4183Sep 23, 2008
    risk 0.03cvss epss 0.03

    IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename.

  • CVE-2008-4182Sep 23, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.

  • CVE-2008-4181Sep 23, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or…

  • CVE-2008-4180Sep 23, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql…

  • CVE-2008-4179Sep 23, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.