VYPR

CVEs

344,846 total · page 6326 of 6,897

  • CVE-2007-5402Jan 9, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword…

  • CVE-2007-5403Jan 9, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to…

  • CVE-2007-5404Jan 9, 2008
    risk 0.00cvss epss 0.01

    Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.

  • CVE-2007-5616Jan 9, 2008
    risk 0.00cvss epss 0.01

    ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.

  • CVE-2007-6067Jan 9, 2008
    risk 0.00cvss epss 0.04

    Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption)…

  • CVE-2007-6600Jan 9, 2008
    risk 0.00cvss epss 0.03

    PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION…

  • CVE-2007-6601Jan 9, 2008
    risk 0.00cvss epss 0.02

    The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists…

  • CVE-2007-5665Jan 9, 2008
    risk 0.00cvss epss 0.00

    STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by…

  • CVE-2007-5761Jan 9, 2008
    risk 0.00cvss epss 0.00

    The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the…

  • CVE-2008-0147Jan 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.

  • CVE-2008-0148Jan 9, 2008
    risk 0.03cvss epss 0.06

    TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.

  • CVE-2008-0149Jan 9, 2008
    risk 0.04cvss epss 0.08

    TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.

  • CVE-2008-0150Jan 9, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.

  • CVE-2008-0151Jan 9, 2008
    risk 0.04cvss epss 0.09

    Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options.

  • CVE-2008-0152Jan 9, 2008
    risk 0.00cvss epss 0.02

    SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is…

  • CVE-2008-0153Jan 9, 2008
    risk 0.04cvss epss 0.13

    telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.

  • CVE-2008-0154Jan 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter.

  • CVE-2008-0155Jan 9, 2008
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.

  • CVE-2008-0156Jan 9, 2008
    risk 0.00cvss epss 0.01

    Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.

  • CVE-2008-0157Jan 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.

  • CVE-2008-0158Jan 9, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.

  • CVE-2008-0159Jan 9, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.

  • CVE-2007-0066Jan 8, 2008
    risk 0.03cvss epss 0.32

    The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel…

  • CVE-2007-0069Jan 8, 2008
    risk 0.04cvss epss 0.49

    Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka…

  • CVE-2007-5352Jan 8, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.

  • CVE-2007-5360Jan 8, 2008
    risk 0.01cvss epss 0.15

    Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a…

  • CVE-2008-0003Jan 8, 2008
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown…

  • CVE-2007-6421Jan 8, 2008
    risk 0.01cvss epss 0.08

    Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

  • CVE-2007-6674Jan 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.

  • CVE-2007-6675Jan 8, 2008
    risk 0.00cvss epss 0.01

    The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.

  • CVE-2007-6676Jan 8, 2008
    risk 0.00cvss epss 0.01

    The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and…

  • CVE-2008-0133Jan 8, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.

  • CVE-2008-0134Jan 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.

  • CVE-2008-0135Jan 8, 2008
    risk 0.03cvss epss 0.02

    Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.

  • CVE-2008-0136Jan 8, 2008
    risk 0.00cvss epss 0.01

    Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.

  • CVE-2008-0137Jan 8, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.

  • CVE-2008-0138Jan 8, 2008
    risk 0.03cvss epss 0.05

    PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.

  • CVE-2008-0139Jan 8, 2008
    risk 0.05cvss epss 0.22

    Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.

  • CVE-2008-0140Jan 8, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.

  • CVE-2008-0141HigJan 8, 2008
    risk 0.52cvss 7.5epss 0.04

    actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.

  • CVE-2008-0142Jan 8, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.

  • CVE-2008-0143Jan 8, 2008
    risk 0.04cvss epss 0.06

    PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.

  • CVE-2008-0144Jan 8, 2008
    risk 0.07cvss epss 0.45

    PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.

  • CVE-2008-0145Jan 8, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.

  • CVE-2008-0146Jan 8, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.

  • CVE-2007-6388Jan 8, 2008
    risk 0.06cvss epss 0.76

    Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-6422Jan 8, 2008
    risk 0.01cvss epss 0.10

    The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

  • CVE-2007-6671Jan 8, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.

  • CVE-2007-6672Jan 8, 2008
    risk 0.00cvss epss 0.04

    Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.

  • CVE-2007-6673Jan 8, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.