VYPR

CVEs

344,930 total · page 6314 of 6,899

  • CVE-2008-0795Feb 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

  • CVE-2008-0796Feb 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter.

  • CVE-2008-0797Feb 15, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter.

  • CVE-2008-0798Feb 15, 2008
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date…

  • CVE-2008-0799Feb 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.

  • CVE-2008-0800Feb 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.

  • CVE-2008-0801Feb 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.

  • CVE-2008-0802Feb 15, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.

  • CVE-2008-0803Feb 15, 2008
    risk 0.06cvss epss 0.33

    Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5)…

  • CVE-2008-0526Feb 15, 2008
    risk 0.00cvss epss 0.02

    Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet.

  • CVE-2008-0527Feb 15, 2008
    risk 0.00cvss epss 0.02

    The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request.

  • CVE-2008-0528Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data.

  • CVE-2008-0529Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.

  • CVE-2008-0530Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.

  • CVE-2008-0531Feb 15, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.

  • CVE-2008-0777Feb 15, 2008
    risk 0.00cvss epss 0.00

    The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.

  • CVE-2008-0789Feb 15, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter.

  • CVE-2008-0790Feb 15, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2008-0791Feb 15, 2008
    risk 0.00cvss epss 0.02

    ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.

  • CVE-2008-0792Feb 15, 2008
    risk 0.00cvss epss 0.02

    Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.

  • CVE-2008-0793Feb 15, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these…

  • CVE-2008-0794Feb 15, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

  • CVE-2008-0642MedFeb 15, 2008
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a…

  • CVE-2008-0787Feb 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.

  • CVE-2008-0788Feb 15, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the…

  • CVE-2008-0783Feb 14, 2008
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action…

  • CVE-2008-0784Feb 14, 2008
    risk 0.00cvss epss 0.02

    graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.

  • CVE-2008-0785Feb 14, 2008
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id…

  • CVE-2008-0786Feb 14, 2008
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

  • CVE-2008-0780Feb 14, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.

  • CVE-2008-0781Feb 14, 2008
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.

  • CVE-2008-0782Feb 14, 2008
    risk 0.04cvss epss 0.15

    Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks…

  • CVE-2008-0026Feb 14, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.

  • CVE-2008-0778Feb 14, 2008
    risk 0.04cvss epss 0.09

    Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3)…

  • CVE-2008-0779Feb 14, 2008
    risk 0.00cvss epss 0.00

    The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.

  • CVE-2008-0769Feb 14, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.

  • CVE-2008-0770Feb 14, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter.

  • CVE-2008-0771Feb 14, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.

  • CVE-2008-0772Feb 14, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.

  • CVE-2008-0773Feb 14, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0774Feb 14, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-0775Feb 14, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".

  • CVE-2008-0776Feb 14, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

  • CVE-2008-0768Feb 13, 2008
    risk 0.00cvss epss 0.04

    Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

  • CVE-2007-6148Feb 13, 2008
    risk 0.01cvss epss 0.08

    Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests.

  • CVE-2007-6149Feb 13, 2008
    risk 0.01cvss epss 0.12

    Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for…

  • CVE-2007-6431Feb 13, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149.

  • CVE-2007-6701Feb 13, 2008
    risk 0.01cvss epss 0.07

    Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than…

  • CVE-2008-0639Feb 13, 2008
    risk 0.02cvss epss 0.23

    Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than…

  • CVE-2008-0658Feb 13, 2008
    risk 0.00cvss epss 0.03

    slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.