VYPR

CVEs

344,694 total · page 6375 of 6,894

  • CVE-2007-4005Jul 26, 2007
    risk 0.04cvss epss 0.11

    Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap CVE-2007-4006.

  • CVE-2007-4006Jul 26, 2007
    risk 0.06cvss epss 0.34

    Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release…

  • CVE-2007-4007Jul 26, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

  • CVE-2007-4008Jul 26, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.

  • CVE-2007-4009Jul 26, 2007
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.

  • CVE-2007-4010Jul 26, 2007
    risk 0.03cvss epss 0.06

    The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

  • CVE-2007-4011Jul 26, 2007
    risk 0.00cvss epss 0.02

    Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted…

  • CVE-2007-4012Jul 26, 2007
    risk 0.00cvss epss 0.02

    Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka…

  • CVE-2007-3985Jul 25, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter.

  • CVE-2007-3986Jul 25, 2007
    risk 0.00cvss epss 0.02

    file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE:…

  • CVE-2007-3987Jul 25, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter.

  • CVE-2007-3988Jul 25, 2007
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2007-3989Jul 25, 2007
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified…

  • CVE-2007-3990Jul 25, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2007-3991Jul 25, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters; and possibly other…

  • CVE-2007-3992Jul 25, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the…

  • CVE-2007-3993Jul 25, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors.

  • CVE-2006-7221HigJul 25, 2007
    risk 0.49cvss 7.5epss 0.01

    Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.

  • CVE-2007-3026Jul 25, 2007
    risk 0.01cvss epss 0.09

    Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.

  • CVE-2007-3383Jul 25, 2007
    risk 0.01cvss epss 0.09

    Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and…

  • CVE-2007-3531Jul 25, 2007
    risk 0.00cvss epss 0.00

    The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.

  • CVE-2007-3679Jul 25, 2007
    risk 0.00cvss epss 0.02

    The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs…

  • CVE-2007-3961Jul 25, 2007
    risk 0.00cvss epss 0.02

    Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added.

  • CVE-2007-3962Jul 25, 2007
    risk 0.00cvss epss 0.05

    Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name…

  • CVE-2007-3963Jul 25, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a…

  • CVE-2007-3964Jul 25, 2007
    risk 0.00cvss epss 0.01

    Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot.

  • CVE-2007-3965Jul 25, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and attack vectors, possibly related to malformed files, and possibly an integer signedness error for relative note instruments.

  • CVE-2007-3966Jul 25, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880.

  • CVE-2007-3967HigJul 25, 2007
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter.

  • CVE-2007-3968MedJul 25, 2007
    risk 0.35cvss 5.3epss 0.01

    index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.

  • CVE-2007-3969Jul 25, 2007
    risk 0.00cvss epss 0.06

    Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."

  • CVE-2007-3970Jul 25, 2007
    risk 0.00cvss epss 0.06

    Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.

  • CVE-2007-3971Jul 25, 2007
    risk 0.00cvss epss 0.03

    Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop.

  • CVE-2007-3972Jul 25, 2007
    risk 0.00cvss epss 0.03

    ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error.

  • CVE-2007-3973Jul 25, 2007
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.

  • CVE-2007-3974Jul 25, 2007
    risk 0.03cvss epss 0.04

    admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.

  • CVE-2007-3975Jul 25, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412.

  • CVE-2007-3976Jul 25, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.

  • CVE-2007-3977Jul 25, 2007
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-3978Jul 25, 2007
    risk 0.03cvss epss 0.02

    Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2007-3979Jul 25, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

  • CVE-2007-3980Jul 25, 2007
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

  • CVE-2007-3981Jul 25, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.

  • CVE-2007-3982Jul 25, 2007
    risk 0.03cvss epss 0.02

    Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method.

  • CVE-2007-3983Jul 25, 2007
    risk 0.03cvss epss 0.02

    Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full…

  • CVE-2007-3984Jul 25, 2007
    risk 0.03cvss epss 0.04

    Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987.

  • CVE-2007-3955Jul 24, 2007
    risk 0.04cvss epss 0.08

    Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are…

  • CVE-2007-3956Jul 24, 2007
    risk 0.04cvss epss 0.08

    TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP…

  • CVE-2007-3957Jul 24, 2007
    risk 0.04cvss epss 0.07

    Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI.

  • CVE-2007-3958Jul 24, 2007
    risk 0.05cvss epss 0.25

    Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.