VYPR

CVEs

344,984 total · page 6262 of 6,900

  • CVE-2008-3600Aug 12, 2008
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.

  • CVE-2008-3601Aug 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.

  • CVE-2008-3602Aug 12, 2008
    risk 0.03cvss epss 0.03

    admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

  • CVE-2008-3603Aug 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.

  • CVE-2008-3604CriAug 12, 2008
    risk 0.67cvss 9.8epss 0.04

    SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

  • CVE-2008-3605Aug 12, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors.

  • CVE-2008-3606Aug 12, 2008
    risk 0.03cvss epss 0.04

    Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are…

  • CVE-2008-3607Aug 12, 2008
    risk 0.03cvss epss 0.03

    The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.

  • CVE-2008-3595Aug 12, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter.

  • CVE-2008-3596Aug 12, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.

  • CVE-2008-3597HigAug 12, 2008
    risk 0.49cvss 7.5epss 0.03

    Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.

  • CVE-2008-3585Aug 11, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.

  • CVE-2008-3586Aug 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

  • CVE-2008-3587Aug 11, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.

  • CVE-2008-3588Aug 11, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.

  • CVE-2008-3589Aug 11, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.

  • CVE-2008-3590Aug 11, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-3591Aug 11, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.

  • CVE-2008-3592Aug 11, 2008
    risk 0.04cvss epss 0.07

    Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination…

  • CVE-2008-3593Aug 11, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-3594Aug 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.

  • CVE-2008-3576Aug 10, 2008
    risk 0.01cvss epss 0.06

    Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party…

  • CVE-2008-3577Aug 10, 2008
    risk 0.00cvss epss 0.00

    Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.

  • CVE-2008-3578Aug 10, 2008
    risk 0.04cvss epss 0.07

    HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI.

  • CVE-2008-3579Aug 10, 2008
    risk 0.00cvss epss 0.02

    Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged…

  • CVE-2008-3580Aug 10, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.

  • CVE-2008-3581Aug 10, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action.

  • CVE-2008-3582Aug 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2008-3583Aug 10, 2008
    risk 0.03cvss epss 0.05

    Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected.

  • CVE-2008-3273Aug 10, 2008
    risk 0.07cvss epss 0.47

    JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

  • CVE-2008-3561Aug 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.

  • CVE-2008-3562Aug 10, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the provenance of this information…

  • CVE-2008-3563Aug 10, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote…

  • CVE-2008-3564Aug 10, 2008
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file…

  • CVE-2008-3565Aug 10, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. …

  • CVE-2008-3566Aug 10, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is…

  • CVE-2008-3567Aug 10, 2008
    risk 0.00cvss epss 0.02

    Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.

  • CVE-2008-3568Aug 10, 2008
    risk 0.03cvss epss 0.03

    Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than…

  • CVE-2008-3569Aug 10, 2008
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.

  • CVE-2008-3570Aug 10, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter.

  • CVE-2008-3571Aug 10, 2008
    risk 0.06cvss epss 0.36

    The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.

  • CVE-2008-3572Aug 10, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter.

  • CVE-2008-3573Aug 10, 2008
    risk 0.03cvss epss 0.02

    The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation…

  • CVE-2008-3574Aug 10, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4)…

  • CVE-2008-3575Aug 10, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132.

  • CVE-2008-1664Aug 8, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

  • CVE-2008-1945Aug 8, 2008
    risk 0.00cvss epss 0.00

    QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to…

  • CVE-2008-2377Aug 8, 2008
    risk 0.00cvss epss 0.05

    Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data…

  • CVE-2008-3337Aug 8, 2008
    risk 0.00cvss epss 0.06

    PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.

  • CVE-2008-3532Aug 8, 2008
    risk 0.00cvss epss 0.02

    The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.