VYPR

CVEs

344,766 total · page 6349 of 6,896

  • CVE-2007-5477Oct 16, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.

  • CVE-2007-5478Oct 16, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter.

  • CVE-2007-5479Oct 16, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.

  • CVE-2007-5480Oct 16, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.

  • CVE-2007-5481Oct 16, 2007
    risk 0.00cvss epss 0.01

    Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."

  • CVE-2007-5482Oct 16, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors.

  • CVE-2007-5483Oct 16, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.

  • CVE-2007-5484Oct 16, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows local users to read arbitrary files via a .. (dot dot) in the IsisScript parameter to iah.

  • CVE-2007-5485Oct 16, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.

  • CVE-2007-5486Oct 16, 2007
    risk 0.00cvss epss 0.01

    dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.

  • CVE-2007-5487Oct 16, 2007
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.

  • CVE-2007-5468Oct 16, 2007
    risk 0.00cvss epss 0.02

    Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and…

  • CVE-2007-5469Oct 16, 2007
    risk 0.00cvss epss 0.02

    OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication…

  • CVE-2007-5470Oct 16, 2007
    risk 0.00cvss epss 0.02

    Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.

  • CVE-2007-5471Oct 16, 2007
    risk 0.00cvss epss 0.03

    libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects…

  • CVE-2007-5465Oct 15, 2007
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component.

  • CVE-2007-5466Oct 15, 2007
    risk 0.05cvss epss 0.20

    Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the…

  • CVE-2007-5467Oct 15, 2007
    risk 0.04cvss epss 0.14

    Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove…

  • CVE-2007-5460MedOct 15, 2007
    risk 0.30cvss 4.6epss 0.02

    Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained…

  • CVE-2007-5462Oct 15, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial…

  • CVE-2007-5463Oct 15, 2007
    risk 0.00cvss epss 0.01

    ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than…

  • CVE-2007-5464Oct 15, 2007
    risk 0.03cvss epss 0.04

    Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allows remote authenticated users to cause a denial of service (client crash) and possibly execute arbitrary code via a long skin name.

  • CVE-2007-5461Oct 15, 2007
    risk 0.00cvss epss 0.40

    Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity…

  • CVE-2007-5457Oct 14, 2007
    risk 0.06cvss epss 0.38

    Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1)…

  • CVE-2007-5458Oct 14, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.

  • CVE-2007-5459Oct 14, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-5195Oct 14, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196.

  • CVE-2007-5196Oct 14, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.

  • CVE-2007-5200Oct 14, 2007
    risk 0.00cvss epss 0.00

    hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.

  • CVE-2007-5441Oct 14, 2007
    risk 0.00cvss epss 0.01

    CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin…

  • CVE-2007-5442Oct 14, 2007
    risk 0.00cvss epss 0.01

    CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.

  • CVE-2007-5443Oct 14, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.

  • CVE-2007-5444Oct 14, 2007
    risk 0.00cvss epss 0.01

    CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.

  • CVE-2007-5445Oct 14, 2007
    risk 0.00cvss epss 0.03

    Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX control in VImpX.ocx 4.7.3.0 allows remote attackers to execute arbitrary code via a long RejectedRecordsFile parameter, a different vector than CVE-2007-2667.

  • CVE-2007-5446Oct 14, 2007
    risk 0.03cvss epss 0.06

    Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.

  • CVE-2007-5447Oct 14, 2007
    risk 0.03cvss epss 0.05

    ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the…

  • CVE-2007-5448Oct 14, 2007
    risk 0.00cvss epss 0.02

    Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and…

  • CVE-2007-5449Oct 14, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

  • CVE-2007-5450Oct 14, 2007
    risk 0.03cvss epss 0.05

    Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.

  • CVE-2007-5451Oct 14, 2007
    risk 0.06cvss epss 0.31

    PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

  • CVE-2007-5452Oct 14, 2007
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.

  • CVE-2007-5453Oct 14, 2007
    risk 0.03cvss epss 0.04

    Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2)…

  • CVE-2007-5454Oct 14, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a .. (dot dot) in the cam parameter.

  • CVE-2007-5455Oct 14, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a call to the iah/iah.xis IsisScript code, possibly involving the lang or exprSearch parameter.

  • CVE-2007-5456Oct 14, 2007
    risk 0.02cvss epss 0.20

    Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt,…

  • CVE-2007-5440Oct 14, 2007
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an…

  • CVE-2007-4995Oct 13, 2007
    risk 0.01cvss epss 0.11

    Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2007-5435Oct 13, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File).

  • CVE-2007-5436Oct 13, 2007
    risk 0.00cvss epss 0.05

    Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL in G DATA Antivirus 2007 might allow remote attackers to execute arbitrary code via unspecified parameters to the SelectPath function. NOTE: this issue might not cross privilege boundaries in most…

  • CVE-2007-5437Oct 13, 2007
    risk 0.00cvss epss 0.03

    The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.