VYPR

CVEs

344,969 total · page 6286 of 6,900

  • CVE-2008-2392May 21, 2008
    risk 0.00cvss epss 0.04

    Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

  • CVE-2008-2393May 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2394May 21, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.

  • CVE-2008-2395May 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2396May 21, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter.

  • CVE-2008-2397May 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-2398May 21, 2008
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.

  • CVE-2008-0957May 20, 2008
    risk 0.00cvss epss 0.03

    Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters.

  • CVE-2008-2346May 20, 2008
    risk 0.03cvss epss 0.03

    AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.

  • CVE-2008-2347May 20, 2008
    risk 0.03cvss epss 0.03

    MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.

  • CVE-2008-2348May 20, 2008
    risk 0.03cvss epss 0.03

    MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.

  • CVE-2008-2349May 20, 2008
    risk 0.03cvss epss 0.02

    Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1.

  • CVE-2008-2350May 20, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.

  • CVE-2008-2351May 20, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.

  • CVE-2008-2352May 20, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie.

  • CVE-2008-2353May 20, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.

  • CVE-2008-2354May 20, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the data export function in testMaker before 3.0p10 allows test authors to obtain access to export data via unknown vectors.

  • CVE-2008-2355May 20, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event.

  • CVE-2008-2356May 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.

  • CVE-2008-2334May 19, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2)…

  • CVE-2008-2335May 19, 2008
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later…

  • CVE-2008-2336May 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2008-2337May 19, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php…

  • CVE-2008-2338May 19, 2008
    risk 0.04cvss epss 0.06

    Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.

  • CVE-2008-2339May 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.

  • CVE-2008-2340May 19, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

  • CVE-2008-2341May 19, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.

  • CVE-2008-2342May 19, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

  • CVE-2008-2343May 19, 2008
    risk 0.03cvss epss 0.02

    News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.

  • CVE-2008-2344May 19, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2345May 19, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."

  • CVE-2008-0167May 18, 2008
    risk 0.03cvss epss 0.01

    The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic…

  • CVE-2008-2281May 18, 2008
    risk 0.05cvss epss 0.23

    Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences,…

  • CVE-2008-2282May 18, 2008
    risk 0.03cvss epss 0.03

    admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true.

  • CVE-2008-2283May 18, 2008
    risk 0.03cvss epss 0.06

    IDAutomation allows remote attackers to overwrite arbitrary files via the argument to the (1) SaveBarCode and (2) SaveEnhWMF methods in (a) the IDAuto.BarCode.1 ActiveX control in IDAutomationLinear6.dll (aka IDAutomation Linear BarCode) 1.6.0.6, (b) the IDAuto.Datamatrix.1…

  • CVE-2008-2284May 18, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-2285May 18, 2008
    risk 0.00cvss epss 0.02

    The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.

  • CVE-2008-2286May 18, 2008
    risk 0.06cvss epss 0.33

    SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.

  • CVE-2008-2287May 18, 2008
    risk 0.00cvss epss 0.00

    Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse.

  • CVE-2008-2288May 18, 2008
    risk 0.00cvss epss 0.00

    Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.

  • CVE-2008-2289May 18, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.

  • CVE-2008-2290May 18, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.

  • CVE-2008-2291May 18, 2008
    risk 0.00cvss epss 0.04

    axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.

  • CVE-2008-2292May 18, 2008
    risk 0.04cvss epss 0.08

    Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

  • CVE-2008-2293May 18, 2008
    risk 0.03cvss epss 0.03

    admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.

  • CVE-2008-2294May 18, 2008
    risk 0.03cvss epss 0.03

    Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."

  • CVE-2008-2295May 18, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors.

  • CVE-2008-2296May 18, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.

  • CVE-2008-2297May 18, 2008
    risk 0.03cvss epss 0.02

    The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison.

  • CVE-2008-2298May 18, 2008
    risk 0.03cvss epss 0.03

    Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.