VYPR

CVEs

344,976 total · page 6281 of 6,900

  • CVE-2008-2643Jun 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.

  • CVE-2008-2644Jun 10, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s…

  • CVE-2008-2645Jun 10, 2008
    risk 0.06cvss epss 0.39

    Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7)…

  • CVE-2008-2646Jun 10, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to…

  • CVE-2008-2647Jun 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.

  • CVE-2008-2648Jun 10, 2008
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory.

  • CVE-2008-2649Jun 10, 2008
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php.

  • CVE-2008-2650Jun 10, 2008
    risk 0.05cvss epss 0.19

    Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file…

  • CVE-2008-2651Jun 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.

  • CVE-2008-2652Jun 10, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.

  • CVE-2008-1673Jun 10, 2008
    risk 0.01cvss epss 0.07

    The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers…

  • CVE-2008-2358Jun 10, 2008
    risk 0.00cvss epss 0.00

    Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a…

  • CVE-2008-2626Jun 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.

  • CVE-2008-2627Jun 10, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.

  • CVE-2008-2628Jun 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

  • CVE-2008-2629Jun 10, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

  • CVE-2008-2630Jun 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.

  • CVE-2008-2631Jun 10, 2008
    risk 0.05cvss epss 0.23

    The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-2632Jun 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.

  • CVE-2008-2633Jun 10, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.

  • CVE-2008-2634Jun 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter.

  • CVE-2008-2635Jun 10, 2008
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the…

  • CVE-2008-2636Jun 10, 2008
    risk 0.00cvss epss 0.03

    The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page"…

  • CVE-2008-2637Jun 10, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the…

  • CVE-2008-2638Jun 10, 2008
    risk 0.03cvss epss 0.04

    Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.

  • CVE-2008-1106Jun 9, 2008
    risk 0.00cvss epss 0.01

    The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote…

  • CVE-2008-1805Jun 6, 2008
    risk 0.00cvss epss 0.04

    Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the…

  • CVE-2008-2388Jun 6, 2008
    risk 0.00cvss epss 0.01

    Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem."

  • CVE-2008-2389Jun 6, 2008
    risk 0.00cvss epss 0.00

    opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack.

  • CVE-2008-2545Jun 6, 2008
    risk 0.00cvss epss 0.04

    Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension…

  • CVE-2008-2574Jun 6, 2008
    risk 0.03cvss epss 0.05

    Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.

  • CVE-2008-2575Jun 6, 2008
    risk 0.00cvss epss 0.03

    cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

  • CVE-2008-2560Jun 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.

  • CVE-2008-2561Jun 6, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php;…

  • CVE-2008-2562Jun 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.

  • CVE-2008-2563Jun 6, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a…

  • CVE-2008-2564Jun 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

  • CVE-2008-2565Jun 6, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.

  • CVE-2008-2566Jun 6, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.

  • CVE-2008-2567Jun 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism…

  • CVE-2008-2568Jun 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.

  • CVE-2008-2569Jun 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.

  • CVE-2008-2570Jun 6, 2008
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.

  • CVE-2008-2571Jun 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.

  • CVE-2008-2572Jun 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter.

  • CVE-2008-2573Jun 6, 2008
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.

  • CVE-2008-2559Jun 5, 2008
    risk 0.00cvss epss 0.04

    Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467.

  • CVE-2008-2554Jun 5, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.

  • CVE-2008-2555Jun 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter.

  • CVE-2008-2556Jun 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action.