VYPR

CVEs

344,683 total · page 6382 of 6,894

  • CVE-2007-3615 · Jul 6, 2007
    risk 0.00 cvss · epss 0.02

    Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to…

  • CVE-2007-3616 · Jul 6, 2007
    risk 0.00 cvss · epss 0.01

    index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.

  • CVE-2007-3617 · Jul 6, 2007
    risk 0.00 cvss · epss 0.01

    The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.

  • CVE-2007-3591 · Jul 6, 2007
    risk 0.00 cvss · epss 0.01

    Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks.

  • CVE-2007-3592 · Jul 6, 2007
    risk 0.00 cvss · epss 0.01

    PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields.

  • CVE-2007-3593 · Jul 6, 2007
    risk 0.03 cvss · epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp,…

  • CVE-2007-3594 · Jul 6, 2007
    risk 0.03 cvss · epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4)…

  • CVE-2007-3596 · Jul 6, 2007
    risk 0.00 cvss · epss 0.01

    inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS).

  • CVE-2007-3597 · Jul 6, 2007
    risk 0.00 cvss · epss 0.02

    Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.

  • CVE-2007-3589 · Jul 5, 2007
    risk 0.03 cvss · epss 0.01

    Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php.

  • CVE-2007-3590 · Jul 5, 2007
    risk 0.03 cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

  • CVE-2007-2839 · Jul 5, 2007
    risk 0.03 cvss · epss 0.01

    gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.

  • CVE-2006-7216 · Jul 5, 2007
    risk 0.00 cvss · epss 0.02

    Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.

  • CVE-2006-7217 · Jul 5, 2007
    risk 0.00 cvss · epss 0.02

    Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.

  • CVE-2007-3572 · Jul 5, 2007
    risk 0.04 cvss · epss 0.08

    Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters…

  • CVE-2007-3573 · Jul 5, 2007
    risk 0.00 cvss · epss 0.01

    Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421.

  • CVE-2007-3574 · Jul 5, 2007
    risk 0.03 cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm…

  • CVE-2007-3575 · Jul 5, 2007
    risk 0.00 cvss · epss 0.02

    SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php.

  • CVE-2007-3576 · Jul 5, 2007
    risk 0.01 cvss · epss 0.13

    Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more…

  • CVE-2007-3577 · Jul 5, 2007
    risk 0.00 cvss · epss 0.01

    PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '='…

  • CVE-2007-3578 · Jul 5, 2007
    risk 0.00 cvss · epss 0.01

    PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.

  • CVE-2007-3579 · Jul 5, 2007
    risk 0.00 cvss · epss 0.01

    PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script.

  • CVE-2007-3580 · Jul 5, 2007
    risk 0.00 cvss · epss 0.01

    PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script.

  • CVE-2007-3581 · Jul 5, 2007
    risk 0.00 cvss · epss 0.02

    The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.

  • CVE-2007-3582 · Jul 5, 2007
    risk 0.03 cvss · epss 0.02

    SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter.

  • CVE-2007-3583 · Jul 5, 2007
    risk 0.03 cvss · epss 0.01

    SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.

  • CVE-2007-3584 · Jul 5, 2007
    risk 0.03 cvss · epss 0.01

    SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.

  • CVE-2007-3585 · Jul 5, 2007
    risk 0.03 cvss · epss 0.02

    PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

  • CVE-2007-3586 · Jul 5, 2007
    risk 0.03 cvss · epss 0.02

    Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE:…

  • CVE-2007-3587 · Jul 5, 2007
    risk 0.03 cvss · epss 0.03

    MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.

  • CVE-2007-3588 · Jul 5, 2007
    risk 0.00 cvss · epss 0.01

    SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4.

  • CVE-2007-3011 · Jul 5, 2007
    risk 0.03 cvss · epss 0.04

    The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.

  • CVE-2007-3012 · Jul 5, 2007
    risk 0.00 cvss · epss 0.02

    The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated…

  • CVE-2007-3567 · Jul 5, 2007
    risk 0.00 cvss · epss 0.03

    MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.

  • CVE-2007-3568 · Jul 5, 2007
    risk 0.00 cvss · epss 0.02

    The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.

  • CVE-2007-3569 · Jul 5, 2007
    risk 0.03 cvss · epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6)…

  • CVE-2007-3570 · Jul 5, 2007
    risk 0.00 cvss · epss 0.02

    The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.

  • CVE-2007-3571 · Jul 5, 2007
    risk 0.00 cvss · epss 0.01

    The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.

  • CVE-2007-3557 · Jul 4, 2007
    risk 0.00 cvss · epss 0.01

    SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.

  • CVE-2007-3558 · Jul 4, 2007
    risk 0.03 cvss · epss 0.01

    SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.

  • CVE-2007-3559 · Jul 4, 2007
    risk 0.00 cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.

  • CVE-2007-3560 · Jul 4, 2007
    risk 0.00 cvss · epss 0.01

    Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors.

  • CVE-2007-3561 · Jul 4, 2007
    risk 0.00 cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-3562 · Jul 4, 2007
    risk 0.03 cvss · epss 0.02

    SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-3563 · Jul 4, 2007
    risk 0.03 cvss · epss 0.01

    SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php.

  • CVE-2007-2949 · Jul 4, 2007
    risk 0.01 cvss · epss 0.07

    Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

  • CVE-2007-3554 · Jul 4, 2007
    risk 0.04 cvss · epss 0.18

    Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.

  • CVE-2007-3555 · Jul 4, 2007
    risk 0.00 cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.

  • CVE-2007-3556 · Jul 4, 2007
    risk 0.03 cvss · epss 0.03

    Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc.

  • CVE-2006-7215 · Jul 3, 2007
    risk 0.00 cvss · epss 0.00

    The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and…