VYPR

CVEs

344,683 total · page 6381 of 6,894

  • CVE-2007-3672 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.

  • CVE-2006-4519 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.06

    Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

  • CVE-2007-3646 · Jul 10, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action.

  • CVE-2007-3647 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.03

    The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information.

  • CVE-2007-3648 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details…

  • CVE-2007-3649 · Jul 10, 2007
    risk 0.03 · cvss · epss 0.05

    Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.

  • CVE-2007-3642 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.04

    The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which…

  • CVE-2007-3643 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.02

    admin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions.

  • CVE-2006-7220 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-3630 · Jul 10, 2007
    risk 0.03 · cvss · epss 0.02

    changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.

  • CVE-2007-3631 · Jul 10, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field.

  • CVE-2007-3632 · Jul 10, 2007
    risk 0.08 · cvss · epss 0.62

    Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php…

  • CVE-2007-3633 · Jul 10, 2007
    risk 0.03 · cvss · epss 0.03

    Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe…

  • CVE-2007-3634 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this…

  • CVE-2007-3635 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.00

    Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.

  • CVE-2007-3636 · Jul 10, 2007
    risk 0.03 · cvss · epss 0.03

    Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.

  • CVE-2007-3637 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with…

  • CVE-2007-3638 · Jul 10, 2007
    risk 0.03 · cvss · epss 0.02

    Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information…

  • CVE-2007-3639 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.02

    WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other…

  • CVE-2007-3640 · Jul 10, 2007
    risk 0.00 · cvss · epss 0.03

    Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside…

  • CVE-2007-3619 · Jul 9, 2007
    risk 0.04 · cvss · epss 0.09

    Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

  • CVE-2007-3620 · Jul 9, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b)…

  • CVE-2007-3621 · Jul 9, 2007
    risk 0.04 · cvss · epss 0.08

    Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.

  • CVE-2007-3622 · Jul 9, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.

  • CVE-2007-3623 · Jul 9, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.

  • CVE-2007-3624 · Jul 9, 2007
    risk 0.06 · cvss · epss 0.37

    Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.

  • CVE-2007-3625 · Jul 9, 2007
    risk 0.00 · cvss · epss 0.02

    The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.

  • CVE-2007-3626 · Jul 9, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a denial of service (daemon crash) via a certain request.

  • CVE-2007-3627 · Jul 9, 2007
    risk 0.03 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already…

  • CVE-2007-3628 · Jul 9, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."

  • CVE-2007-3629 · Jul 9, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2006-7218 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.01

    eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.

  • CVE-2006-7219 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.01

    eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this…

  • CVE-2007-3598 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.01

    index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of…

  • CVE-2007-3599 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.01

    vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.

  • CVE-2007-3600 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.02

    WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.

  • CVE-2007-3601 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.01

    vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.

  • CVE-2007-3602 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.01

    The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.

  • CVE-2007-3603 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.

  • CVE-2007-3604 · Jul 6, 2007
    risk 0.00 · cvss · epss 0.01

    vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.

  • CVE-2007-3605 · Jul 6, 2007
    risk 0.09 · cvss · epss 0.70

    Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.

  • CVE-2007-3606 · Jul 6, 2007
    risk 0.04 · cvss · epss 0.08

    Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.

  • CVE-2007-3607 · Jul 6, 2007
    risk 0.03 · cvss · epss 0.04

    Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.

  • CVE-2007-3608 · Jul 6, 2007
    risk 0.03 · cvss · epss 0.03

    Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.

  • CVE-2007-3609 · Jul 6, 2007
    risk 0.03 · cvss · epss 0.02

    Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.

  • CVE-2007-3610 · Jul 6, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2007-3611 · Jul 6, 2007
    risk 0.03 · cvss · epss 0.03

    admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.

  • CVE-2007-3612 · Jul 6, 2007
    risk 0.03 · cvss · epss 0.05

    Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command.

  • CVE-2007-3613 · Jul 6, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.

  • CVE-2007-3614 · Jul 6, 2007
    risk 0.09 · cvss · epss 0.70

    Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other…