VYPR

CVEs

344,978 total · page 6276 of 6,900

  • CVE-2008-2924Jun 30, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2925Jun 30, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-2884Jun 27, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-2885Jun 27, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT…

  • CVE-2008-2886Jun 27, 2008
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.

  • CVE-2008-2887Jun 27, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-2888Jun 27, 2008
    risk 0.04cvss epss 0.08

    Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in…

  • CVE-2008-2889Jun 27, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.

  • CVE-2008-2890Jun 27, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter…

  • CVE-2008-2891Jun 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action.

  • CVE-2008-2892Jun 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.

  • CVE-2008-2893Jun 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.

  • CVE-2008-2894Jun 27, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.

  • CVE-2008-2895Jun 27, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-2896Jun 27, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-2897Jun 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.

  • CVE-2008-2898Jun 27, 2008
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by…

  • CVE-2008-2899Jun 27, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors.

  • CVE-2008-2900Jun 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2061Jun 26, 2008
    risk 0.00cvss epss 0.02

    The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.

  • CVE-2008-2062Jun 26, 2008
    risk 0.00cvss epss 0.02

    The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct…

  • CVE-2008-2730Jun 26, 2008
    risk 0.00cvss epss 0.02

    The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP…

  • CVE-2008-2867Jun 26, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.

  • CVE-2008-2868Jun 26, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.

  • CVE-2008-2869Jun 26, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

  • CVE-2008-2870Jun 26, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php.

  • CVE-2008-2871Jun 26, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown; the…

  • CVE-2008-2872Jun 26, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

  • CVE-2008-2873Jun 26, 2008
    risk 0.03cvss epss 0.03

    sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.

  • CVE-2008-2874Jun 26, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.

  • CVE-2008-2875Jun 26, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.

  • CVE-2008-2876Jun 26, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter.

  • CVE-2008-2877Jun 26, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.

  • CVE-2008-2878Jun 26, 2008
    risk 0.03cvss epss 0.03

    Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.

  • CVE-2008-2879Jun 26, 2008
    risk 0.00cvss epss 0.02

    Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu.

  • CVE-2008-2880Jun 26, 2008
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-2881Jun 26, 2008
    risk 0.03cvss epss 0.02

    Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

  • CVE-2008-2882Jun 26, 2008
    risk 0.03cvss epss 0.03

    upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.

  • CVE-2008-2883Jun 26, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party…

  • CVE-2008-1951Jun 25, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges…

  • CVE-2008-2641Jun 25, 2008
    risk 0.02cvss epss 0.22

    Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript…

  • CVE-2008-2842Jun 25, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.

  • CVE-2008-2843Jun 25, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.

  • CVE-2008-2844Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2008-2845Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2008-2846Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter.

  • CVE-2008-2847Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.

  • CVE-2008-2848Jun 25, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2849Jun 25, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2850Jun 25, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.