VYPR

CVEs

344,766 total · page 6350 of 6,896

  • CVE-2007-5438Oct 13, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE…

  • CVE-2007-5439Oct 13, 2007
    risk 0.00cvss epss 0.02

    CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.

  • CVE-2007-5208Oct 13, 2007
    risk 0.08cvss epss 0.67

    hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.

  • CVE-2007-5325Oct 13, 2007
    risk 0.01cvss epss 0.12

    Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2007-5326Oct 13, 2007
    risk 0.01cvss epss 0.12

    Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2007-5327Oct 13, 2007
    risk 0.01cvss epss 0.16

    Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.

  • CVE-2007-5328Oct 13, 2007
    risk 0.01cvss epss 0.07

    The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."

  • CVE-2007-5329Oct 13, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.

  • CVE-2007-5330Oct 13, 2007
    risk 0.01cvss epss 0.13

    The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of…

  • CVE-2007-5331Oct 13, 2007
    risk 0.01cvss epss 0.10

    Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup…

  • CVE-2007-5332Oct 13, 2007
    risk 0.03cvss epss 0.05

    Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.

  • CVE-2007-5358Oct 12, 2007
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute…

  • CVE-2007-5423Oct 12, 2007
    risk 0.09cvss epss 0.77

    tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.

  • CVE-2007-5424Oct 12, 2007
    risk 0.00cvss epss 0.02

    The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.

  • CVE-2007-5425Oct 12, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131.

  • CVE-2007-5426Oct 12, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5.4 allow remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories, as demonstrated by (1) ActiveKB/ and (2) default/categories/ActiveKB/.

  • CVE-2007-5427Oct 12, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.

  • CVE-2007-5428Oct 12, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/.

  • CVE-2007-5429Oct 12, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.

  • CVE-2007-5430Oct 12, 2007
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course…

  • CVE-2007-5431Oct 12, 2007
    risk 0.00cvss epss 0.02

    include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code.

  • CVE-2007-5432Oct 12, 2007
    risk 0.00cvss epss 0.01

    Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php.

  • CVE-2007-5433Oct 12, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field.

  • CVE-2007-5434Oct 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.

  • CVE-2007-4619Oct 12, 2007
    risk 0.01cvss epss 0.07

    Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a…

  • CVE-2007-5414Oct 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within…

  • CVE-2007-5415Oct 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS…

  • CVE-2007-5416Oct 12, 2007
    risk 0.03cvss epss 0.04

    Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a…

  • CVE-2007-5417Oct 12, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

  • CVE-2007-5418Oct 12, 2007
    risk 0.00cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5)…

  • CVE-2007-5419Oct 12, 2007
    risk 0.00cvss epss 0.02

    The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended…

  • CVE-2007-5420Oct 12, 2007
    risk 0.00cvss epss 0.02

    The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details.

  • CVE-2007-5422Oct 12, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.

  • CVE-2007-3675Oct 12, 2007
    risk 0.00cvss epss 0.05

    Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger…

  • CVE-2007-5407Oct 12, 2007
    risk 0.06cvss epss 0.40

    Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and…

  • CVE-2007-5408Oct 12, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.

  • CVE-2007-5409Oct 12, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in NuSEO PHP Enterprise 1.6 (NuSEO.PHP), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the nuseo_dir parameter.

  • CVE-2007-5410Oct 12, 2007
    risk 0.03cvss epss 0.05

    PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

  • CVE-2007-5411Oct 12, 2007
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.

  • CVE-2007-5412Oct 12, 2007
    risk 0.06cvss epss 0.38

    Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php.

  • CVE-2007-5386Oct 12, 2007
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2007-5387Oct 12, 2007
    risk 0.05cvss epss 0.29

    PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.

  • CVE-2007-5388Oct 12, 2007
    risk 0.06cvss epss 0.38

    Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.

  • CVE-2007-5389Oct 12, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because…

  • CVE-2007-5390Oct 12, 2007
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.

  • CVE-2007-5391Oct 12, 2007
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors.

  • CVE-2007-5378Oct 12, 2007
    risk 0.00cvss epss 0.03

    Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent…

  • CVE-2007-5381Oct 12, 2007
    risk 0.04cvss epss 0.15

    Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated…

  • CVE-2007-5382Oct 12, 2007
    risk 0.00cvss epss 0.03

    The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.

  • CVE-2007-5383Oct 12, 2007
    risk 0.00cvss epss 0.04

    The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka…