VYPR

CVEs

344,930 total · page 6313 of 6,899

  • CVE-2008-0859Feb 21, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.

  • CVE-2008-0860Feb 21, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.

  • CVE-2008-0834Feb 20, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-0835Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.

  • CVE-2008-0836Feb 20, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than…

  • CVE-2008-0837Feb 20, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.

  • CVE-2008-0838Feb 20, 2008
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.

  • CVE-2008-0839Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0840Feb 20, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.

  • CVE-2008-0841Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0842Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

  • CVE-2008-0843Feb 20, 2008
    risk 0.03cvss epss 0.03

    StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.

  • CVE-2008-0844Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

  • CVE-2008-0845Feb 20, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.

  • CVE-2008-0846Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.

  • CVE-2008-0831Feb 20, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.

  • CVE-2008-0832Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.

  • CVE-2008-0833Feb 20, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2007-6319Feb 19, 2008
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side…

  • CVE-2008-0830Feb 19, 2008
    risk 0.03cvss epss 0.02

    The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.

  • CVE-2008-0827Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-0828Feb 19, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.

  • CVE-2008-0829Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.

  • CVE-2008-0818Feb 19, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.

  • CVE-2008-0819Feb 19, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-0820Feb 19, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is…

  • CVE-2008-0821Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.

  • CVE-2008-0822Feb 19, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-0823Feb 19, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.

  • CVE-2008-0824Feb 19, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.

  • CVE-2008-0825Feb 19, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-0826Feb 19, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-0810Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0811Feb 19, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.

  • CVE-2008-0812Feb 19, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.

  • CVE-2008-0813Feb 19, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.

  • CVE-2008-0814Feb 19, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.

  • CVE-2008-0815Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.

  • CVE-2008-0816Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task.

  • CVE-2008-0817Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.

  • CVE-2008-0807Feb 19, 2008
    risk 0.00cvss epss 0.01

    lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote…

  • CVE-2008-0808Feb 19, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.

  • CVE-2008-0809Feb 19, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.

  • CVE-2007-6258Feb 19, 2008
    risk 0.06cvss epss 0.41

    Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.

  • CVE-2008-0556Feb 19, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.

  • CVE-2008-0804Feb 19, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.

  • CVE-2008-0805Feb 19, 2008
    risk 0.03cvss epss 0.05

    Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.

  • CVE-2008-0806Feb 19, 2008
    risk 0.00cvss epss 0.00

    wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.

  • CVE-2007-6313Feb 18, 2008
    risk 0.00cvss epss 0.01

    MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.

  • CVE-2008-0674Feb 18, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.