VYPR

CVEs

344,976 total · page 6277 of 6,900

  • CVE-2008-2853Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.

  • CVE-2008-2854Jun 25, 2008
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.

  • CVE-2008-2855Jun 25, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

  • CVE-2008-2856Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2857Jun 25, 2008
    risk 0.03cvss epss 0.02

    AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

  • CVE-2008-2858Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-2859Jun 25, 2008
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."

  • CVE-2008-2860Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

  • CVE-2008-2861Jun 25, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.

  • CVE-2008-2862Jun 25, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.

  • CVE-2008-2863Jun 25, 2008
    risk 0.03cvss epss 0.03

    Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.

  • CVE-2008-2864Jun 25, 2008
    risk 0.03cvss epss 0.03

    eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.

  • CVE-2008-2865Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action.

  • CVE-2008-2866Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.

  • CVE-2008-2427Jun 24, 2008
    risk 0.04cvss epss 0.16

    Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.

  • CVE-2008-2662Jun 24, 2008
    risk 0.00cvss epss 0.04

    Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via…

  • CVE-2008-2663Jun 24, 2008
    risk 0.00cvss epss 0.04

    Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a…

  • CVE-2008-2664Jun 24, 2008
    risk 0.00cvss epss 0.04

    The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue…

  • CVE-2008-2725Jun 24, 2008
    risk 0.00cvss epss 0.04

    Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via…

  • CVE-2008-2726Jun 24, 2008
    risk 0.00cvss epss 0.04

    Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory…

  • CVE-2008-2832Jun 24, 2008
    risk 0.04cvss epss 0.12

    Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in…

  • CVE-2008-2833Jun 24, 2008
    risk 0.03cvss epss 0.04

    admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.

  • CVE-2008-2834Jun 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2835Jun 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter.

  • CVE-2008-2836Jun 24, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.

  • CVE-2008-2837Jun 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.

  • CVE-2008-2838Jun 24, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.

  • CVE-2008-2839Jun 24, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.

  • CVE-2008-2840Jun 24, 2008
    risk 0.00cvss epss 0.01

    Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4)…

  • CVE-2008-2841Jun 24, 2008
    risk 0.04cvss epss 0.15

    Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.

  • CVE-2008-2306Jun 23, 2008
    risk 0.00cvss epss 0.04

    Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.

  • CVE-2008-2307Jun 23, 2008
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving…

  • CVE-2008-2829Jun 23, 2008
    risk 0.00cvss epss 0.05

    php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow"…

  • CVE-2008-2830Jun 23, 2008
    risk 0.03cvss epss 0.01

    Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application,…

  • CVE-2008-1952Jun 23, 2008
    risk 0.00cvss epss 0.00

    The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.

  • CVE-2008-2827Jun 23, 2008
    risk 0.03cvss epss 0.01

    The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.

  • CVE-2008-2828Jun 23, 2008
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX command containing a large UBX payload length field.

  • CVE-2008-2813Jun 23, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-2814Jun 23, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-2815Jun 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2816Jun 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.

  • CVE-2008-2817Jun 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.

  • CVE-2008-2818Jun 23, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the section parameter to the default URI.

  • CVE-2008-2819Jun 23, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-2820Jun 23, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2008-2821Jun 23, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.

  • CVE-2008-2822Jun 23, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a (1) LIST or (2) MLSD command.

  • CVE-2008-2823Jun 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.

  • CVE-2008-2824Jun 23, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.

  • CVE-2008-2825Jun 23, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.