VYPR

CVEs

344,930 total · page 6317 of 6,899

  • CVE-2008-0678Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.

  • CVE-2008-0679Feb 12, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

  • CVE-2008-0680Feb 12, 2008
    risk 0.04cvss epss 0.07

    SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.

  • CVE-2008-0681Feb 12, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.

  • CVE-2008-0682Feb 12, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0683Feb 12, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.

  • CVE-2008-0684Feb 12, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.

  • CVE-2008-0685Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

  • CVE-2008-0686Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2008-0687Feb 12, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter.

  • CVE-2008-0688Feb 12, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action.

  • CVE-2008-0689Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.

  • CVE-2008-0690Feb 12, 2008
    risk 0.04cvss epss 0.09

    SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action.

  • CVE-2008-0691Feb 12, 2008
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2)…

  • CVE-2008-0692Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

  • CVE-2008-0693Feb 12, 2008
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication 7.0.127.16 allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101.

  • CVE-2008-0694Feb 12, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.

  • CVE-2008-0695Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action.

  • CVE-2008-0696Feb 12, 2008
    risk 0.00cvss epss 0.01

    IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.

  • CVE-2008-0697Feb 12, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.

  • CVE-2008-0698Feb 12, 2008
    risk 0.00cvss epss 0.02

    Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."

  • CVE-2008-0699Feb 12, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.

  • CVE-2008-0700Feb 12, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-0701Feb 12, 2008
    risk 0.00cvss epss 0.01

    ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.

  • CVE-2008-0702Feb 12, 2008
    risk 0.04cvss epss 0.08

    Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than…

  • CVE-2008-0703Feb 12, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.

  • CVE-2008-0665Feb 11, 2008
    risk 0.00cvss epss 0.00

    wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.

  • CVE-2008-0666Feb 11, 2008
    risk 0.00cvss epss 0.00

    Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.

  • CVE-2008-0667Feb 11, 2008
    risk 0.01cvss epss 0.07

    The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be…

  • CVE-2008-0668Feb 11, 2008
    risk 0.00cvss epss 0.05

    The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to…

  • CVE-2008-0593Feb 9, 2008
    risk 0.00cvss epss 0.02

    Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information…

  • CVE-2008-0594Feb 9, 2008
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.

  • CVE-2008-0591Feb 9, 2008
    risk 0.00cvss epss 0.04

    Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the…

  • CVE-2008-0592Feb 9, 2008
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future…

  • CVE-2008-0412Feb 8, 2008
    risk 0.00cvss epss 0.03

    The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2)…

  • CVE-2008-0413Feb 8, 2008
    risk 0.00cvss epss 0.02

    The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and…

  • CVE-2008-0414Feb 8, 2008
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."

  • CVE-2008-0415Feb 8, 2008
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript…

  • CVE-2008-0417Feb 8, 2008
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.

  • CVE-2008-0418Feb 8, 2008
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated…

  • CVE-2008-0419Feb 8, 2008
    risk 0.00cvss epss 0.04

    Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

  • CVE-2008-0007Feb 8, 2008
    risk 0.00cvss epss 0.00

    Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.

  • CVE-2008-0043Feb 8, 2008
    risk 0.00cvss epss 0.04

    Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.

  • CVE-2008-0214Feb 8, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors.

  • CVE-2008-0554Feb 8, 2008
    risk 0.00cvss epss 0.04

    Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

  • CVE-2008-0640Feb 8, 2008
    risk 0.00cvss epss 0.03

    Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

  • CVE-2008-0659Feb 8, 2008
    risk 0.08cvss epss 0.56

    Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property.

  • CVE-2008-0660Feb 8, 2008
    risk 0.06cvss epss 0.38

    Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1)…

  • CVE-2008-0661Feb 8, 2008
    risk 0.03cvss epss 0.05

    Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.

  • CVE-2008-0662HigFeb 8, 2008
    risk 0.51cvss 7.8epss 0.00

    The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing…