VYPR

CVEs

344,672 total · page 6398 of 6,894

  • CVE-2007-2774May 21, 2007
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.

  • CVE-2007-2775May 21, 2007
    risk 0.03cvss epss 0.05

    AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.

  • CVE-2007-2776May 21, 2007
    risk 0.04cvss epss 0.09

    AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to…

  • CVE-2007-2777May 21, 2007
    risk 0.04cvss epss 0.06

    Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.

  • CVE-2007-2778May 21, 2007
    risk 0.03cvss epss 0.04

    Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts.

  • CVE-2007-2779May 21, 2007
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter.

  • CVE-2007-2780May 21, 2007
    risk 0.03cvss epss 0.03

    PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.

  • CVE-2007-2781May 21, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element.

  • CVE-2007-2782May 21, 2007
    risk 0.00cvss epss 0.02

    Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption.

  • CVE-2007-2783May 21, 2007
    risk 0.04cvss epss 0.07

    Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE.

  • CVE-2007-2784May 21, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its…

  • CVE-2007-2785May 21, 2007
    risk 0.00cvss epss 0.01

    manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action.

  • CVE-2007-2786May 21, 2007
    risk 0.00cvss epss 0.02

    Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client.

  • CVE-2007-2787May 21, 2007
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument.

  • CVE-2007-2770May 21, 2007
    risk 0.03cvss epss 0.03

    Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.

  • CVE-2007-2771May 21, 2007
    risk 0.04cvss epss 0.09

    Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property.

  • CVE-2007-2772May 21, 2007
    risk 0.04cvss epss 0.12

    (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.

  • CVE-2007-1355May 21, 2007
    risk 0.08cvss epss 0.58

    Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web…

  • CVE-2007-2684May 21, 2007
    risk 0.00cvss epss 0.02

    Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[]…

  • CVE-2007-2685May 21, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.

  • CVE-2007-2767May 21, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors.

  • CVE-2007-2768May 21, 2007
    risk 0.01cvss epss 0.09

    OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to…

  • CVE-2007-2769May 21, 2007
    risk 0.00cvss epss 0.03

    BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file.

  • CVE-2007-2757May 18, 2007
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php.

  • CVE-2007-2758May 18, 2007
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a…

  • CVE-2007-2759May 18, 2007
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. NOTE: some of these…

  • CVE-2007-2760May 18, 2007
    risk 0.00cvss epss 0.02

    The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.

  • CVE-2007-2761May 18, 2007
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file.

  • CVE-2007-2762May 18, 2007
    risk 0.04cvss epss 0.10

    Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c)…

  • CVE-2007-2763May 18, 2007
    risk 0.04cvss epss 0.08

    Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than…

  • CVE-2007-2764May 18, 2007
    risk 0.00cvss epss 0.02

    The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.

  • CVE-2007-2765May 18, 2007
    risk 0.00cvss epss 0.02

    blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by…

  • CVE-2007-2766May 18, 2007
    risk 0.00cvss epss 0.00

    lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.

  • CVE-2007-2682May 18, 2007
    risk 0.00cvss epss 0.03

    The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.

  • CVE-2007-2756May 18, 2007
    risk 0.00cvss epss 0.04

    The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.

  • CVE-2007-2755May 17, 2007
    risk 0.03cvss epss 0.04

    The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744.

  • CVE-2007-2754May 17, 2007
    risk 0.00cvss epss 0.06

    Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.

  • CVE-2007-1693May 17, 2007
    risk 0.00cvss epss 0.02

    The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header…

  • CVE-2007-2745May 17, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

  • CVE-2007-2746May 17, 2007
    risk 0.00cvss epss 0.01

    The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified…

  • CVE-2007-2747May 17, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.

  • CVE-2007-2748May 17, 2007
    risk 0.00cvss epss 0.01

    The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

  • CVE-2007-2749May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.

  • CVE-2007-2750May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.

  • CVE-2007-2751May 17, 2007
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php.

  • CVE-2007-2752May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-2753May 17, 2007
    risk 0.03cvss epss 0.05

    RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb.

  • CVE-2007-2735May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter.

  • CVE-2007-2736May 17, 2007
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.

  • CVE-2007-2737May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.