VYPR

CVEs

344,846 total · page 6325 of 6,897

  • CVE-2008-0232Jan 11, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.

  • CVE-2007-6680Jan 10, 2008
    risk 0.00cvss epss 0.00

    Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.

  • CVE-2008-0218Jan 10, 2008
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-0219Jan 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.

  • CVE-2008-0220Jan 10, 2008
    risk 0.04cvss epss 0.16

    Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch…

  • CVE-2008-0221Jan 10, 2008
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch…

  • CVE-2008-0222Jan 10, 2008
    risk 0.04cvss epss 0.08

    Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.

  • CVE-2008-0223Jan 10, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.

  • CVE-2008-0224Jan 10, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.

  • CVE-2008-0225Jan 10, 2008
    risk 0.04cvss epss 0.15

    Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to…

  • CVE-2008-0226Jan 10, 2008
    risk 0.10cvss epss 0.92

    Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

  • CVE-2008-0227Jan 10, 2008
    risk 0.00cvss epss 0.02

    yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.

  • CVE-2008-0228Jan 10, 2008
    risk 0.00cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.

  • CVE-2008-0229Jan 10, 2008
    risk 0.00cvss epss 0.03

    The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.

  • CVE-2007-6679Jan 10, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also…

  • CVE-2007-6677Jan 10, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.

  • CVE-2008-0127Jan 10, 2008
    risk 0.04cvss epss 0.09

    The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.

  • CVE-2008-0190Jan 10, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5)…

  • CVE-2008-0191Jan 10, 2008
    risk 0.00cvss epss 0.03

    WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.

  • CVE-2008-0192Jan 10, 2008
    risk 0.00cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

  • CVE-2008-0193Jan 10, 2008
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.

  • CVE-2008-0194Jan 10, 2008
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to…

  • CVE-2008-0195Jan 10, 2008
    risk 0.00cvss epss 0.03

    WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

  • CVE-2008-0196Jan 10, 2008
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by…

  • CVE-2008-0197Jan 10, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3)…

  • CVE-2008-0198Jan 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or…

  • CVE-2008-0199Jan 10, 2008
    risk 0.00cvss epss 0.02

    PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.

  • CVE-2008-0200Jan 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.

  • CVE-2008-0201Jan 10, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.

  • CVE-2008-0202Jan 10, 2008
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.

  • CVE-2008-0203Jan 10, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6)…

  • CVE-2008-0204Jan 10, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2)…

  • CVE-2008-0205Jan 10, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2)…

  • CVE-2008-0206Jan 10, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4)…

  • CVE-2008-0207Jan 10, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI.

  • CVE-2008-0208Jan 10, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.

  • CVE-2008-0209Jan 10, 2008
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.

  • CVE-2008-0210Jan 10, 2008
    risk 0.03cvss epss 0.02

    Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal…

  • CVE-2007-0012Jan 9, 2008
    risk 0.00cvss epss 0.02

    Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed…

  • CVE-2007-6250Jan 9, 2008
    risk 0.02cvss epss 0.24

    Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.

  • CVE-2007-6531Jan 9, 2008
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be…

  • CVE-2007-6532Jan 9, 2008
    risk 0.00cvss epss 0.04

    Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."

  • CVE-2007-5762Jan 9, 2008
    risk 0.03cvss epss 0.01

    NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.

  • CVE-2008-0184Jan 9, 2008
    risk 0.03cvss epss 0.02

    Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.

  • CVE-2008-0185Jan 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).

  • CVE-2008-0186Jan 9, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.

  • CVE-2008-0187Jan 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.

  • CVE-2007-4769Jan 9, 2008
    risk 0.00cvss epss 0.04

    The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

  • CVE-2007-4772Jan 9, 2008
    risk 0.00cvss epss 0.04

    The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

  • CVE-2007-5401Jan 9, 2008
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions.