VYPR

CVEs


  • CVE-2007-3462 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.

  • CVE-2007-3463 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that…

  • CVE-2007-3464 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended…

  • CVE-2007-3465 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.

  • CVE-2006-5752 · Jun 27, 2007
    risk 0.02 · cvss · epss 0.28

    Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors…

  • CVE-2006-7210 · Jun 27, 2007
    risk 0.05 · cvss · epss 0.28

    Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.

  • CVE-2007-1792 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.05

    libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail,…

  • CVE-2007-1863 · Jun 27, 2007
    risk 0.01 · cvss · epss 0.12

    cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2)…

  • CVE-2007-3258 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.

  • CVE-2007-3458 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.00

    The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.

  • CVE-2006-7209 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6)…

  • CVE-2007-1663 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.

  • CVE-2007-1664 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.

  • CVE-2007-1665 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.

  • CVE-2007-3425 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.03

    Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.

  • CVE-2007-3426 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

  • CVE-2007-3427 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.

  • CVE-2007-3428 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076.

  • CVE-2007-3429 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.02

    Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

  • CVE-2007-3430 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.

  • CVE-2007-3431 · Jun 27, 2007
    risk 0.09 · cvss · epss 0.71

    PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.

  • CVE-2007-3432 · Jun 27, 2007
    risk 0.04 · cvss · epss 0.08

    Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.

  • CVE-2007-3433 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.

  • CVE-2007-3434 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.03

    index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.

  • CVE-2007-3435 · Jun 27, 2007
    risk 0.06 · cvss · epss 0.35

    Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.

  • CVE-2007-3436 · Jun 27, 2007
    risk 0.01 · cvss · epss 0.13

    Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.

  • CVE-2007-3437 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.

  • CVE-2007-3438 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.

  • CVE-2007-3439 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.

  • CVE-2007-3440 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.

  • CVE-2007-3441 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different…

  • CVE-2007-3442 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact…

  • CVE-2007-3443 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is…

  • CVE-2007-3444 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.02

    The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address,…

  • CVE-2007-3445 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.

  • CVE-2007-3446 · Jun 27, 2007
    risk 0.04 · cvss · epss 0.08

    BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.

  • CVE-2007-3447 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.

  • CVE-2007-3448 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.

  • CVE-2007-3449 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

  • CVE-2007-3450 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-3451 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.

  • CVE-2007-3452 · Jun 27, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.

  • CVE-2007-3453 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.

  • CVE-2007-3454 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this…

  • CVE-2007-3455 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.03

    cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user…

  • CVE-2006-7208 · Jun 26, 2007
    risk 0.03 · cvss · epss 0.05

    PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2007-3411 · Jun 26, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter.

  • CVE-2007-3412 · Jun 26, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.

  • CVE-2007-3413 · Jun 26, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.

  • CVE-2007-3414 · Jun 26, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp.