VYPR

CVEs

344,908 total · page 6322 of 6,899

  • CVE-2008-0426Jan 23, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message.

  • CVE-2008-0427Jan 23, 2008
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

  • CVE-2008-0428Jan 23, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.

  • CVE-2008-0429Jan 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.

  • CVE-2008-0430Jan 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.

  • CVE-2008-0431Jan 23, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.

  • CVE-2008-0432Jan 23, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

  • CVE-2008-0433Jan 23, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.

  • CVE-2008-0434Jan 23, 2008
    risk 0.04cvss epss 0.10

    Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.

  • CVE-2008-0435Jan 23, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.

  • CVE-2008-0436Jan 23, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter.

  • CVE-2008-0437Jan 23, 2008
    risk 0.08cvss epss 0.58

    Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or…

  • CVE-2008-0438Jan 23, 2008
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.

  • CVE-2008-0439Jan 23, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.

  • CVE-2007-6425Jan 23, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.

  • CVE-2008-0028Jan 23, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a…

  • CVE-2008-0029Jan 23, 2008
    risk 0.00cvss epss 0.02

    Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.

  • CVE-2008-0421Jan 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.

  • CVE-2008-0394Jan 23, 2008
    risk 0.04cvss epss 0.12

    Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.

  • CVE-2008-0395Jan 23, 2008
    risk 0.00cvss epss 0.01

    Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.

  • CVE-2008-0396Jan 23, 2008
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.

  • CVE-2008-0397Jan 23, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.

  • CVE-2008-0398Jan 23, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.

  • CVE-2008-0399Jan 23, 2008
    risk 0.04cvss epss 0.08

    Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods.

  • CVE-2008-0400Jan 23, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.

  • CVE-2008-0401Jan 23, 2008
    risk 0.01cvss epss 0.08

    Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request…

  • CVE-2008-0402Jan 23, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not…

  • CVE-2008-0403Jan 23, 2008
    risk 0.03cvss epss 0.03

    The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.

  • CVE-2008-0404Jan 23, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.

  • CVE-2008-0392Jan 23, 2008
    risk 0.05cvss epss 0.30

    Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line.

  • CVE-2008-0393Jan 23, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.

  • CVE-2008-0128Jan 23, 2008
    risk 0.02cvss epss 0.20

    The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to…

  • CVE-2008-0388Jan 23, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.

  • CVE-2008-0389Jan 23, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.

  • CVE-2008-0390Jan 23, 2008
    risk 0.03cvss epss 0.02

    stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.

  • CVE-2008-0391Jan 23, 2008
    risk 0.03cvss epss 0.02

    inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.

  • CVE-2008-0065Jan 22, 2008
    risk 0.08cvss epss 0.61

    Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.

  • CVE-2008-0370Jan 22, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-0371Jan 22, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands…

  • CVE-2008-0372Jan 22, 2008
    risk 0.03cvss epss 0.03

    8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.

  • CVE-2008-0373Jan 22, 2008
    risk 0.00cvss epss 0.02

    Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.

  • CVE-2008-0374HigJan 22, 2008
    risk 0.49cvss 7.5epss 0.02

    OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.

  • CVE-2008-0375Jan 22, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors.

  • CVE-2008-0376Jan 22, 2008
    risk 0.06cvss epss 0.32

    PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.

  • CVE-2008-0377Jan 22, 2008
    risk 0.00cvss epss 0.03

    MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.

  • CVE-2008-0378Jan 22, 2008
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.

  • CVE-2008-0379Jan 22, 2008
    risk 0.04cvss epss 0.09

    Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer…

  • CVE-2008-0380Jan 22, 2008
    risk 0.04cvss epss 0.13

    Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.

  • CVE-2008-0381Jan 22, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.

  • CVE-2008-0382Jan 22, 2008
    risk 0.06cvss epss 0.42

    Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.