VYPR

CVEs

344,672 total · page 6399 of 6,894

  • CVE-2007-2738May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.

  • CVE-2007-2739May 17, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-2740May 17, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.

  • CVE-2007-2741May 17, 2007
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

  • CVE-2007-2742May 17, 2007
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg.

  • CVE-2007-2743May 17, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.

  • CVE-2007-2744May 17, 2007
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this…

  • CVE-2007-1173May 16, 2007
    risk 0.01cvss epss 0.08

    Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a…

  • CVE-2007-1898May 16, 2007
    risk 0.03cvss epss 0.03

    formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.

  • CVE-2007-2445May 16, 2007
    risk 0.00cvss epss 0.05

    The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

  • CVE-2007-2568May 16, 2007
    risk 0.04cvss epss 0.06

    Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file.

  • CVE-2007-2722May 16, 2007
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n,"…

  • CVE-2007-2723MedMay 16, 2007
    risk 0.36cvss 5.5epss 0.01

    Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error.

  • CVE-2007-2724May 16, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.

  • CVE-2007-2725May 16, 2007
    risk 0.03cvss epss 0.02

    The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function.

  • CVE-2007-2726May 16, 2007
    risk 0.03cvss epss 0.03

    BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns.

  • CVE-2007-2727May 16, 2007
    risk 0.00cvss epss 0.02

    The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow…

  • CVE-2007-2728May 16, 2007
    risk 0.00cvss epss 0.02

    The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.

  • CVE-2007-2729May 16, 2007
    risk 0.00cvss epss 0.00

    Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users…

  • CVE-2007-2730May 16, 2007
    risk 0.00cvss epss 0.00

    Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain…

  • CVE-2007-2731May 16, 2007
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898.

  • CVE-2007-2732May 16, 2007
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname,…

  • CVE-2007-2733May 16, 2007
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448.

  • CVE-2007-2734May 16, 2007
    risk 0.00cvss epss 0.02

    The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.

  • CVE-2007-1689May 16, 2007
    risk 0.08cvss epss 0.64

    Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.

  • CVE-2007-2721May 16, 2007
    risk 0.00cvss epss 0.02

    The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using…

  • CVE-2007-2439May 16, 2007
    risk 0.00cvss epss 0.02

    Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension.

  • CVE-2007-2440May 16, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.

  • CVE-2007-2441May 16, 2007
    risk 0.03cvss epss 0.03

    Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.

  • CVE-2007-2716May 16, 2007
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.

  • CVE-2007-2717May 16, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.

  • CVE-2007-2718May 16, 2007
    risk 0.04cvss epss 0.16

    Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.

  • CVE-2007-2719May 16, 2007
    risk 0.00cvss epss 0.04

    Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.

  • CVE-2007-2720May 16, 2007
    risk 0.00cvss epss 0.01

    Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.

  • CVE-2007-2706May 16, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.

  • CVE-2007-2707May 16, 2007
    risk 0.08cvss epss 0.68

    PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.

  • CVE-2007-2708May 16, 2007
    risk 0.08cvss epss 0.62

    PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

  • CVE-2007-2709May 16, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter.

  • CVE-2007-2710May 16, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2007-2711May 16, 2007
    risk 0.08cvss epss 0.63

    Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.

  • CVE-2007-2712May 16, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.

  • CVE-2007-2713May 16, 2007
    risk 0.00cvss epss 0.03

    ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.

  • CVE-2007-2714May 16, 2007
    risk 0.04cvss epss 0.11

    Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.

  • CVE-2007-2715May 16, 2007
    risk 0.04cvss epss 0.10

    Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.

  • CVE-2007-2688May 16, 2007
    risk 0.00cvss epss 0.03

    The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

  • CVE-2007-2689May 16, 2007
    risk 0.00cvss epss 0.02

    Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

  • CVE-2007-2690May 16, 2007
    risk 0.00cvss epss 0.02

    Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

  • CVE-2007-2691May 16, 2007
    risk 0.00cvss epss 0.03

    MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

  • CVE-2007-2692May 16, 2007
    risk 0.00cvss epss 0.02

    The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

  • CVE-2007-2693May 16, 2007
    risk 0.00cvss epss 0.02

    MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.