VYPR

CVEs

344,705 total · page 6358 of 6,895

  • CVE-2007-4943Sep 18, 2007
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the…

  • CVE-2007-4944Sep 18, 2007
    risk 0.00cvss epss 0.02

    The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.

  • CVE-2007-4945Sep 18, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. …

  • CVE-2007-4946Sep 18, 2007
    risk 0.00cvss epss 0.01

    LetterGrade allows remote attackers to obtain sensitive information (installation path or account existence) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-4925Sep 18, 2007
    risk 0.03cvss epss 0.03

    The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php.

  • CVE-2007-4926Sep 18, 2007
    risk 0.00cvss epss 0.03

    The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.

  • CVE-2007-4927Sep 18, 2007
    risk 0.00cvss epss 0.02

    axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.

  • CVE-2007-4928Sep 18, 2007
    risk 0.00cvss epss 0.00

    The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.

  • CVE-2007-4929Sep 18, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.

  • CVE-2007-4930Sep 18, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the…

  • CVE-2007-4931Sep 18, 2007
    risk 0.00cvss epss 0.00

    HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous…

  • CVE-2007-4932Sep 18, 2007
    risk 0.03cvss epss 0.03

    admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel.

  • CVE-2007-4933Sep 18, 2007
    risk 0.03cvss epss 0.02

    Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1)…

  • CVE-2007-4934Sep 18, 2007
    risk 0.05cvss epss 0.22

    Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.

  • CVE-2007-4935Sep 18, 2007
    risk 0.00cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7)…

  • CVE-2007-3379Sep 17, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.

  • CVE-2007-3654Sep 17, 2007
    risk 0.00cvss epss 0.00

    The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.

  • CVE-2007-3731Sep 17, 2007
    risk 0.00cvss epss 0.01

    The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace…

  • CVE-2007-4909Sep 17, 2007
    risk 0.03cvss epss 0.04

    Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the…

  • CVE-2007-4910Sep 17, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap".

  • CVE-2007-4911Sep 17, 2007
    risk 0.03cvss epss 0.03

    JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to cause a denial of service (daemon crash) via a long .mp3 URI to TCP port 8000. NOTE: some of these details are obtained from third party information.

  • CVE-2007-4912Sep 17, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other…

  • CVE-2007-4913Sep 17, 2007
    risk 0.00cvss epss 0.01

    ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are…

  • CVE-2007-4914Sep 17, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1)…

  • CVE-2007-4915Sep 17, 2007
    risk 0.08cvss epss 0.68

    The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long…

  • CVE-2007-4916Sep 17, 2007
    risk 0.05cvss epss 0.20

    Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo…

  • CVE-2007-4917Sep 17, 2007
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334.

  • CVE-2007-4918Sep 17, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php.

  • CVE-2007-4919Sep 17, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php.

  • CVE-2007-4920Sep 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter.

  • CVE-2007-4921Sep 17, 2007
    risk 0.07cvss epss 0.53

    PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter.

  • CVE-2007-4922Sep 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information.

  • CVE-2007-4923Sep 17, 2007
    risk 0.06cvss epss 0.42

    PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

  • CVE-2007-4902Sep 17, 2007
    risk 0.03cvss epss 0.06

    Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method.

  • CVE-2007-4903Sep 17, 2007
    risk 0.04cvss epss 0.09

    Multiple buffer overflows in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allow remote attackers to execute arbitrary code via (1) a long string in the first argument to the AcquireContext method or (2) an unspecified vector to the…

  • CVE-2007-4904Sep 17, 2007
    risk 0.03cvss epss 0.03

    RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.

  • CVE-2007-4905Sep 17, 2007
    risk 0.04cvss epss 0.07

    Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.

  • CVE-2007-4906Sep 17, 2007
    risk 0.06cvss epss 0.38

    PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

  • CVE-2007-4907Sep 17, 2007
    risk 0.04cvss epss 0.08

    Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.

  • CVE-2007-4908Sep 17, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.

  • CVE-2007-4892Sep 14, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3.

  • CVE-2007-4893Sep 14, 2007
    risk 0.00cvss epss 0.02

    wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2)…

  • CVE-2007-4894Sep 14, 2007
    risk 0.00cvss epss 0.04

    Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other…

  • CVE-2007-4895Sep 14, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter.

  • CVE-2007-4896Sep 14, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] parameter, different vectors…

  • CVE-2007-4897Sep 14, 2007
    risk 0.04cvss epss 0.11

    pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in…

  • CVE-2007-4898Sep 14, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. NOTE: Some of these details are…

  • CVE-2007-4899Sep 14, 2007
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3)…

  • CVE-2007-4900Sep 14, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field.

  • CVE-2007-4901Sep 14, 2007
    risk 0.00cvss epss 0.03

    The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place…