VYPR

CVEs

344,841 total · page 6329 of 6,897

  • CVE-2007-6576Dec 28, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.

  • CVE-2007-6577Dec 28, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.

  • CVE-2007-6578Dec 28, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-6579Dec 28, 2007
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id…

  • CVE-2007-6580Dec 28, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.

  • CVE-2007-6581Dec 28, 2007
    risk 0.03cvss epss 0.04

    Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4)…

  • CVE-2007-6582Dec 28, 2007
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.

  • CVE-2007-6583Dec 28, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.

  • CVE-2007-6584Dec 28, 2007
    risk 0.04cvss epss 0.09

    Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to…

  • CVE-2007-6585Dec 28, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.

  • CVE-2007-6586Dec 28, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.

  • CVE-2007-6587Dec 28, 2007
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-6588Dec 28, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2007-6589Dec 28, 2007
    risk 0.00cvss epss 0.01

    The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a…

  • CVE-2007-6591Dec 28, 2007
    risk 0.00cvss epss 0.01

    KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the…

  • CVE-2007-6592Dec 28, 2007
    risk 0.00cvss epss 0.01

    Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into…

  • CVE-2007-6593Dec 28, 2007
    risk 0.04cvss epss 0.06

    Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3…

  • CVE-2007-6594Dec 28, 2007
    risk 0.00cvss epss 0.00

    IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan…

  • CVE-2007-6543Dec 28, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-6544Dec 28, 2007
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6)…

  • CVE-2007-6545Dec 28, 2007
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav…

  • CVE-2007-6546Dec 28, 2007
    risk 0.03cvss epss 0.03

    RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.

  • CVE-2007-6547Dec 28, 2007
    risk 0.03cvss epss 0.02

    RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.

  • CVE-2007-6548Dec 28, 2007
    risk 0.04cvss epss 0.08

    Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter…

  • CVE-2007-6549Dec 28, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."

  • CVE-2007-6550Dec 28, 2007
    risk 0.04cvss epss 0.07

    form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.

  • CVE-2007-6551Dec 28, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-6552Dec 28, 2007
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php…

  • CVE-2007-6553Dec 28, 2007
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php,…

  • CVE-2007-6554Dec 28, 2007
    risk 0.04cvss epss 0.07

    Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.

  • CVE-2007-6555Dec 28, 2007
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.

  • CVE-2007-6556Dec 28, 2007
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.

  • CVE-2007-6557Dec 28, 2007
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.

  • CVE-2007-6558Dec 28, 2007
    risk 0.03cvss epss 0.06

    TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288.

  • CVE-2007-6559Dec 28, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.

  • CVE-2007-6560Dec 28, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.

  • CVE-2007-6561Dec 28, 2007
    risk 0.04cvss epss 0.07

    Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.

  • CVE-2007-6562Dec 28, 2007
    risk 0.00cvss epss 0.02

    Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2)…

  • CVE-2007-6563Dec 28, 2007
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive.

  • CVE-2007-6564Dec 28, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.

  • CVE-2007-6533Dec 27, 2007
    risk 0.04cvss epss 0.12

    Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message.

  • CVE-2007-6534Dec 27, 2007
    risk 0.01cvss epss 0.11

    Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.

  • CVE-2007-6535Dec 27, 2007
    risk 0.00cvss epss 0.02

    Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.

  • CVE-2007-6536Dec 27, 2007
    risk 0.00cvss epss 0.01

    The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users…

  • CVE-2007-6537Dec 27, 2007
    risk 0.04cvss epss 0.06

    Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy…

  • CVE-2007-6538Dec 27, 2007
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-6539Dec 27, 2007
    risk 0.03cvss epss 0.02

    PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.

  • CVE-2007-6540Dec 27, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.

  • CVE-2007-6541Dec 27, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in…

  • CVE-2007-6542Dec 27, 2007
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.