VYPR

CVEs

344,987 total · page 6259 of 6,900

  • CVE-2008-3785Aug 26, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.

  • CVE-2008-3786Aug 26, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.

  • CVE-2008-3787Aug 26, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.

  • CVE-2008-3788Aug 26, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password…

  • CVE-2008-3776Aug 25, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2008-3777Aug 25, 2008
    risk 0.00cvss epss 0.00

    The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to…

  • CVE-2008-3778Aug 25, 2008
    risk 0.00cvss epss 0.01

    The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause…

  • CVE-2008-3766Aug 22, 2008
    risk 0.00cvss epss 0.01

    Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages.

  • CVE-2008-3767Aug 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

  • CVE-2008-3768Aug 22, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email…

  • CVE-2008-3769Aug 22, 2008
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.

  • CVE-2008-3770Aug 22, 2008
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2)…

  • CVE-2008-3771Aug 22, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.

  • CVE-2008-3772Aug 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

  • CVE-2008-3773Aug 22, 2008
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).

  • CVE-2008-3774Aug 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3775MedAug 22, 2008
    risk 0.29cvss 4.4epss 0.00

    Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value.

  • CVE-2008-3748Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3749Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3750Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3751Aug 21, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3752Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3753Aug 21, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3754Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3755Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.

  • CVE-2008-3756Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3757Aug 21, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3758Aug 21, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via…

  • CVE-2008-3759Aug 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.

  • CVE-2008-3760Aug 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.

  • CVE-2008-3761Aug 21, 2008
    risk 0.03cvss epss 0.01

    hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local…

  • CVE-2008-3762Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.

  • CVE-2008-3763Aug 21, 2008
    risk 0.03cvss epss 0.03

    Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by…

  • CVE-2008-3764Aug 21, 2008
    risk 0.03cvss epss 0.03

    Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.

  • CVE-2008-3765Aug 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3718Aug 20, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.

  • CVE-2008-3719Aug 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action.

  • CVE-2008-3720Aug 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.

  • CVE-2008-3721Aug 20, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.

  • CVE-2008-3722Aug 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-3723Aug 20, 2008
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE:…

  • CVE-2008-3724Aug 20, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.

  • CVE-2008-3725Aug 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3726Aug 20, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.

  • CVE-2008-3727Aug 20, 2008
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2008-3728Aug 20, 2008
    risk 0.00cvss epss 0.02

    Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests…

  • CVE-2008-3729Aug 20, 2008
    risk 0.00cvss epss 0.02

    Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.

  • CVE-2008-3730Aug 20, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3731Aug 20, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.

  • CVE-2008-3732Aug 20, 2008
    risk 0.04cvss epss 0.13

    Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of…