VYPR

CVEs


  • CVE-2007-4252 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.02

    Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability…

  • CVE-2007-4253 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.

  • CVE-2007-4254 · Aug 8, 2007
    risk 0.04 · cvss · epss 0.12

    Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap…

  • CVE-2007-4255 · Aug 8, 2007
    risk 0.04 · cvss · epss 0.09

    Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.

  • CVE-2007-4256 · Aug 8, 2007
    risk 0.04 · cvss · epss 0.06

    Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.

  • CVE-2007-4257 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.05

    Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than…

  • CVE-2007-4258 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2007-4259 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.02

    EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.

  • CVE-2007-4260 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.

  • CVE-2007-4261 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.02

    EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file…

  • CVE-2007-4262 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.02

    Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.

  • CVE-2007-4263 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.

  • CVE-2007-4226 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.04

    Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE:…

  • CVE-2007-4227 · Aug 8, 2007
    risk 0.01 · cvss · epss 0.13

    Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.

  • CVE-2007-4228 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.00

    rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.

  • CVE-2007-4229 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.02

    Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. …

  • CVE-2007-4230 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.02

    BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash

  • CVE-2007-4231 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.04

    PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776.

  • CVE-2007-4232 · Aug 8, 2007
    risk 0.07 · cvss · epss 0.52

    PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.

  • CVE-2007-4233 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors.

  • CVE-2007-4234 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information.

  • CVE-2007-4235 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.

  • CVE-2007-4236 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.

  • CVE-2007-4237 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.

  • CVE-2007-4238 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.00

    AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.

  • CVE-2007-4239 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter.

  • CVE-2007-4240 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via…

  • CVE-2007-4241 · Aug 8, 2007
    risk 0.01 · cvss · epss 0.11

    Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781.

  • CVE-2007-4242 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.02

    The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.

  • CVE-2007-4243 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.

  • CVE-2007-4224 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.02

    KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.

  • CVE-2007-4225 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.02

    Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

  • CVE-2007-4205 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.03

    XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.

  • CVE-2007-4206 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.00

    Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges.

  • CVE-2007-4207 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: these fields might be associated with the txtUsername and txtPassword parameters.

  • CVE-2007-4208 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.

  • CVE-2007-4209 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2007-4210 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.03

    Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid…

  • CVE-2007-4211 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.

  • CVE-2007-4212 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element,…

  • CVE-2007-2927 · Aug 8, 2007
    risk 0.02 · cvss · epss 0.26

    Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame.

  • CVE-2007-3108 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.00

    The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

  • CVE-2007-3384 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

  • CVE-2007-3844 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.05

    Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by…

  • CVE-2007-3845 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.06

    Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of…

  • CVE-2007-4175 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters.

  • CVE-2007-4176 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors.

  • CVE-2007-4177 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328.

  • CVE-2007-4178 · Aug 8, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.

  • CVE-2007-4179 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not…