VYPR

CVEs

  • CVE-2007-3320 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.01

    The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.

  • CVE-2007-3321 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.01

    The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).

  • CVE-2007-3322 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.01

    The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.

  • CVE-2007-3323 · Jun 21, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2.

  • CVE-2007-3324 · Jun 21, 2007
    risk 0.03 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.

  • CVE-2007-3325 · Jun 21, 2007
    risk 0.08 · cvss · epss 0.64

    PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.

  • CVE-2007-3326 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URL field for post Topic in showthread.php,…

  • CVE-2007-3327 · Jun 21, 2007
    risk 0.03 · cvss · epss 0.03

    httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space).

  • CVE-2007-3328 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f)…

  • CVE-2007-3329 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.

  • CVE-2007-3330 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.

  • CVE-2007-3331 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.

  • CVE-2007-2398 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.03

    Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which…

  • CVE-2007-3311 · Jun 21, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-3305 · Jun 21, 2007
    risk 0.01 · cvss · epss 0.08

    Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word…

  • CVE-2007-3306 · Jun 21, 2007
    risk 0.08 · cvss · epss 0.64

    PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489.

  • CVE-2007-3307 · Jun 21, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

  • CVE-2007-3308 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.01

    Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack.

  • CVE-2007-3309 · Jun 21, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message.

  • CVE-2007-3310 · Jun 21, 2007
    risk 0.03 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-3298 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components.

  • CVE-2007-3299 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.

  • CVE-2007-3300 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.04

    Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.

  • CVE-2007-3301 · Jun 20, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap…

  • CVE-2007-3303 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.01

    Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2)…

  • CVE-2007-3304 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.03

    Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1…

  • CVE-2007-3288 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field.

  • CVE-2007-3289 · Jun 20, 2007
    risk 0.04 · cvss · epss 0.12

    PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.

  • CVE-2007-3290 · Jun 20, 2007
    risk 0.03 · cvss · epss 0.03

    categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.

  • CVE-2007-3291 · Jun 20, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.

  • CVE-2007-3292 · Jun 20, 2007
    risk 0.03 · cvss · epss 0.02

    Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.

  • CVE-2007-3293 · Jun 20, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2007-3294 · Jun 20, 2007
    risk 0.04 · cvss · epss 0.09

    Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the…

  • CVE-2007-3295 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated…

  • CVE-2007-3296 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.02

    The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods.

  • CVE-2007-3297 · Jun 20, 2007
    risk 0.04 · cvss · epss 0.09

    Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php.

  • CVE-2007-3285 · Jun 20, 2007
    risk 0.00 · cvss · epss 0.02

    Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to…

  • CVE-2007-3282 · Jun 19, 2007
    risk 0.06 · cvss · epss 0.42

    Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.

  • CVE-2007-3283 · Jun 19, 2007
    risk 0.00 · cvss · epss 0.00

    GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.

  • CVE-2007-3284 · Jun 19, 2007
    risk 0.03 · cvss · epss 0.03

    corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.

  • CVE-2007-2924 · Jun 19, 2007
    risk 0.01 · cvss · epss 0.08

    Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2007-3129 · Jun 19, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter.

  • CVE-2007-3269 · Jun 19, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject…

  • CVE-2007-3270 · Jun 19, 2007
    risk 0.03 · cvss · epss 0.04

    PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.

  • CVE-2007-3271 · Jun 19, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter.

  • CVE-2007-3272 · Jun 19, 2007
    risk 0.03 · cvss · epss 0.03

    Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action.

  • CVE-2007-3273 · Jun 19, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-3274 · Jun 19, 2007
    risk 0.00 · cvss · epss 0.01

    Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.

  • CVE-2007-3275 · Jun 19, 2007
    risk 0.00 · cvss · epss 0.01

    MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the…

  • CVE-2007-3276 · Jun 19, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…