VYPR

CVEs

344,694 total · page 6363 of 6,894

  • CVE-2007-4605Aug 31, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.

  • CVE-2007-4606Aug 31, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE:…

  • CVE-2007-4607Aug 31, 2007
    risk 0.08cvss epss 0.56

    Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a…

  • CVE-2007-4608Aug 31, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter.

  • CVE-2007-4609Aug 31, 2007
    risk 0.00cvss epss 0.01

    eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized…

  • CVE-2007-4610Aug 31, 2007
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.

  • CVE-2007-4611Aug 31, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-4612Aug 31, 2007
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.

  • CVE-2007-4613Aug 31, 2007
    risk 0.00cvss epss 0.01

    SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error…

  • CVE-2007-4614Aug 31, 2007
    risk 0.00cvss epss 0.01

    BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.

  • CVE-2007-4615Aug 31, 2007
    risk 0.00cvss epss 0.02

    The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.

  • CVE-2007-4616Aug 31, 2007
    risk 0.00cvss epss 0.02

    The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to…

  • CVE-2007-4617Aug 31, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors.

  • CVE-2007-4618Aug 31, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.

  • CVE-2007-4132Aug 30, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."

  • CVE-2007-4134Aug 30, 2007
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

  • CVE-2007-4601Aug 30, 2007
    risk 0.00cvss epss 0.02

    A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.

  • CVE-2007-4596Aug 30, 2007
    risk 0.04cvss epss 0.08

    The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.

  • CVE-2007-4597Aug 30, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.

  • CVE-2007-4598Aug 30, 2007
    risk 0.00cvss epss 0.00

    IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.

  • CVE-2007-4593Aug 29, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance…

  • CVE-2007-4594Aug 29, 2007
    risk 0.00cvss epss 0.01

    Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses…

  • CVE-2007-4595Aug 29, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset,…

  • CVE-2007-4591Aug 29, 2007
    risk 0.00cvss epss 0.00

    vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.

  • CVE-2007-4220Aug 29, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services.

  • CVE-2007-4221Aug 29, 2007
    risk 0.01cvss epss 0.06

    Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to…

  • CVE-2007-4581Aug 29, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.

  • CVE-2007-4582Aug 29, 2007
    risk 0.04cvss epss 0.10

    Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method.

  • CVE-2007-4583Aug 29, 2007
    risk 0.04cvss epss 0.08

    Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the…

  • CVE-2007-4584Aug 29, 2007
    risk 0.04cvss epss 0.15

    Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

  • CVE-2007-4585Aug 29, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

  • CVE-2007-4586Aug 29, 2007
    risk 0.04cvss epss 0.09

    Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate…

  • CVE-2007-4587Aug 29, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create in tuigwaa.properties.

  • CVE-2007-4588Aug 29, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to…

  • CVE-2007-4589Aug 29, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject…

  • CVE-2007-4590Aug 29, 2007
    risk 0.00cvss epss 0.00

    The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.

  • CVE-2007-3846Aug 28, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in…

  • CVE-2007-4577Aug 28, 2007
    risk 0.00cvss epss 0.06

    Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").

  • CVE-2007-4578Aug 28, 2007
    risk 0.01cvss epss 0.07

    Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is…

  • CVE-2007-4580Aug 28, 2007
    risk 0.00cvss epss 0.00

    Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by sending a small buffer size value to the FsSetVolumeInformation IOCTL handler code with a FsSetDirectoryInformation subcode…

  • CVE-2006-7222Aug 28, 2007
    risk 0.03cvss epss 0.04

    Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file.

  • CVE-2007-4521Aug 28, 2007
    risk 0.00cvss epss 0.03

    Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.

  • CVE-2007-4556Aug 28, 2007
    risk 0.02cvss epss 0.26

    Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of…

  • CVE-2007-4557Aug 28, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an…

  • CVE-2007-4559CriAug 28, 2007
    risk 0.66cvss 9.8epss 0.27

    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

  • CVE-2007-4560Aug 28, 2007
    risk 0.10cvss epss 0.84

    clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

  • CVE-2007-4561Aug 28, 2007
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.

  • CVE-2007-4562Aug 28, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port."

  • CVE-2007-4563Aug 28, 2007
    risk 0.00cvss epss 0.00

    Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.

  • CVE-2007-4564Aug 28, 2007
    risk 0.00cvss epss 0.00

    Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.