VYPR

CVEs

  • CVE-2007-3092 · Jun 6, 2007
    risk 0.02 · cvss · epss 0.20

    Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other…

  • CVE-2007-3093 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.

  • CVE-2007-3094 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.

  • CVE-2007-2237 · Med · Jun 6, 2007
    risk 0.40 · cvss 5.5 · epss 0.15

    Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

  • CVE-2007-0067 · Jun 6, 2007
    risk 0.01 · cvss · epss 0.14

    Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.

  • CVE-2007-2419 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.06

    Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the…

  • CVE-2007-2514 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this…

  • CVE-2007-3069 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.00

    xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.

  • CVE-2007-3070 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.

  • CVE-2007-3071 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.06

    Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.

  • CVE-2007-3072 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.

  • CVE-2007-3073 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

  • CVE-2007-3074 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.

  • CVE-2007-3075 · Jun 6, 2007
    risk 0.01 · cvss · epss 0.16

    Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.

  • CVE-2007-3076 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.03

    A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.

  • CVE-2007-3077 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.

  • CVE-2007-3078 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php.

  • CVE-2007-3079 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path.

  • CVE-2007-3080 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-3081 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.

  • CVE-2007-3082 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.03

    Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter.

  • CVE-2007-3083 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb.

  • CVE-2007-3084 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.

  • CVE-2007-3085 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h)…

  • CVE-2007-3086 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.01

    Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.

  • CVE-2007-3087 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information.

  • CVE-2007-3088 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter.

  • CVE-2007-3049 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

  • CVE-2007-3050 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.02

    Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2007-3051 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.

  • CVE-2007-3052 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.03

    SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.

  • CVE-2007-3053 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2007-3054 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2007-3055 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

  • CVE-2007-3056 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.

  • CVE-2007-3057 · Jun 6, 2007
    risk 0.08 · cvss · epss 0.69

    PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.

  • CVE-2007-3058 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the…

  • CVE-2007-3059 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.

  • CVE-2007-3060 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name]…

  • CVE-2007-3061 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.03

    Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.

  • CVE-2007-3062 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-3063 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.

  • CVE-2007-3064 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter.

  • CVE-2007-3065 · Jun 6, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862.

  • CVE-2007-3066 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and…

  • CVE-2007-3067 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to…

  • CVE-2007-3068 · Jun 6, 2007
    risk 0.06 · cvss · epss 0.33

    Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.

  • CVE-2007-3042 · Jun 5, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-3043 · Jun 5, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal…

  • CVE-2007-3044 · Jun 5, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port.