VYPR

CVEs

344,766 total · page 6348 of 6,896

  • CVE-2007-5562Oct 18, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.

  • CVE-2007-5563Oct 18, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.

  • CVE-2007-5564Oct 18, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in a profile.

  • CVE-2007-5473Oct 18, 2007
    risk 0.00cvss epss 0.01

    StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.

  • CVE-2007-5476Oct 18, 2007
    risk 0.01cvss epss 0.09

    Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

  • CVE-2007-5493Oct 18, 2007
    risk 0.00cvss epss 0.04

    The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.

  • CVE-2007-5535Oct 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors.

  • CVE-2007-5536Oct 18, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.

  • CVE-2007-5537Oct 18, 2007
    risk 0.00cvss epss 0.02

    Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka…

  • CVE-2007-5538Oct 18, 2007
    risk 0.00cvss epss 0.06

    Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified…

  • CVE-2007-5539Oct 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote…

  • CVE-2007-5540Oct 18, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.

  • CVE-2007-5541Oct 18, 2007
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.

  • CVE-2007-5488Oct 17, 2007
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

  • CVE-2007-5504Oct 17, 2007
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a…

  • CVE-2007-5505Oct 17, 2007
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07),…

  • CVE-2007-5506Oct 17, 2007
    risk 0.00cvss epss 0.03

    The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

  • CVE-2007-5507Oct 17, 2007
    risk 0.00cvss epss 0.03

    The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an…

  • CVE-2007-5508Oct 17, 2007
    risk 0.03cvss epss 0.05

    Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER,…

  • CVE-2007-5509Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06.

  • CVE-2007-5510Oct 17, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15,…

  • CVE-2007-5511Oct 17, 2007
    risk 0.06cvss epss 0.32

    SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but…

  • CVE-2007-5512Oct 17, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21.

  • CVE-2007-5513Oct 17, 2007
    risk 0.00cvss epss 0.03

    The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries,…

  • CVE-2007-5514Oct 17, 2007
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26).

  • CVE-2007-5515Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27.

  • CVE-2007-5516Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Process Mgmt & Notification component in Oracle Application Server 10.1.3.3 has unknown impact and remote attack vectors, aka AS01.

  • CVE-2007-5517Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS02.

  • CVE-2007-5518Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 10.1.3.2 has unknown impact and remote attack vectors, aka AS03.

  • CVE-2007-5519Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04.

  • CVE-2007-5520Oct 17, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to 10.1.2.2.0, has unknown impact and remote attack vectors, aka AS05.

  • CVE-2007-5521Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06.

  • CVE-2007-5522Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07.

  • CVE-2007-5523Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS08.

  • CVE-2007-5524Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9.

  • CVE-2007-5525Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0.1; Collaboration Suite 10.1.2; and Enterprise Manager 10.1.2 has unknown impact and remote attack vectors, aka AS10.

  • CVE-2007-5526Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS11.

  • CVE-2007-5527Oct 17, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and remote attack vectors, related to (1) Application Object Library component (APP01), (2) Contracts Integration (APP02), (3) Applications Manager (APP04), (4) Marketing component…

  • CVE-2007-5528Oct 17, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).

  • CVE-2007-5529Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Self-Service Web Applications component in client-only installations of Oracle E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka APP08.

  • CVE-2007-5530Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01.

  • CVE-2007-5531Oct 17, 2007
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.

  • CVE-2007-5532Oct 17, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.17, 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE01.

  • CVE-2007-5533Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02.

  • CVE-2007-5534Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the HCM component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle 13 9.0 Bundle 3 has unknown impact and remote attack vectors, aka PSE_HCM01.

  • CVE-2007-5491Oct 17, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

  • CVE-2007-5492Oct 17, 2007
    risk 0.00cvss epss 0.01

    Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.

  • CVE-2007-5489Oct 17, 2007
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2007-5490Oct 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-4343Oct 16, 2007
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file.