VYPR

CVEs

344,668 total · page 6402 of 6,894

  • CVE-2007-2608May 11, 2007
    risk 0.04cvss epss 0.08

    PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.

  • CVE-2007-2609May 11, 2007
    risk 0.04cvss epss 0.10

    Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR…

  • CVE-2007-2610May 11, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter.

  • CVE-2007-2611May 11, 2007
    risk 0.04cvss epss 0.08

    Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in…

  • CVE-2007-2612May 11, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation."

  • CVE-2007-2613May 11, 2007
    risk 0.00cvss epss 0.01

    WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.

  • CVE-2007-2614May 11, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter.

  • CVE-2007-2615May 11, 2007
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php.

  • CVE-2007-1262May 11, 2007
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not…

  • CVE-2007-2522May 11, 2007
    risk 0.02cvss epss 0.27

    Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.

  • CVE-2007-2523May 11, 2007
    risk 0.03cvss epss 0.01

    CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in…

  • CVE-2007-2589May 11, 2007
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.

  • CVE-2007-2590May 11, 2007
    risk 0.00cvss epss 0.02

    Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1)…

  • CVE-2007-2591May 11, 2007
    risk 0.00cvss epss 0.02

    usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account…

  • CVE-2007-2592May 11, 2007
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML…

  • CVE-2007-2593May 11, 2007
    risk 0.01cvss epss 0.09

    The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the…

  • CVE-2007-0244May 11, 2007
    risk 0.00cvss epss 0.02

    pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer…

  • CVE-2006-7195May 10, 2007
    risk 0.00cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

  • CVE-2006-7196May 10, 2007
    risk 0.09cvss epss 0.72

    Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to…

  • CVE-2007-1280May 10, 2007
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving…

  • CVE-2007-1358May 10, 2007
    risk 0.02cvss epss 0.20

    Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

  • CVE-2007-1858May 10, 2007
    risk 0.01cvss epss 0.18

    The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified…

  • CVE-2007-2582May 10, 2007
    risk 0.02cvss epss 0.27

    Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2)…

  • CVE-2007-2583May 10, 2007
    risk 0.04cvss epss 0.11

    The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

  • CVE-2007-2584May 10, 2007
    risk 0.04cvss epss 0.10

    Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.

  • CVE-2007-2585May 10, 2007
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument.

  • CVE-2007-2586May 10, 2007
    risk 0.04cvss epss 0.14

    The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY…

  • CVE-2007-2587May 10, 2007
    risk 0.00cvss epss 0.02

    The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).

  • CVE-2007-2588May 10, 2007
    risk 0.04cvss epss 0.07

    Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5)…

  • CVE-2007-2569May 9, 2007
    risk 0.04cvss epss 0.08

    Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/.

  • CVE-2007-2570May 9, 2007
    risk 0.04cvss epss 0.08

    PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter.

  • CVE-2007-2571May 9, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.

  • CVE-2007-2572May 9, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter.

  • CVE-2007-2573May 9, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter.

  • CVE-2007-2574May 9, 2007
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.

  • CVE-2007-2575May 9, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.

  • CVE-2007-2576May 9, 2007
    risk 0.03cvss epss 0.05

    Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976.

  • CVE-2007-2577May 9, 2007
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or…

  • CVE-2007-2578May 9, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter.

  • CVE-2007-2579May 9, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the (2) form[mods][] or (3) form[search_term] parameter to…

  • CVE-2007-2580May 9, 2007
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.

  • CVE-2007-2581May 9, 2007
    risk 0.06cvss epss 0.36

    Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as…

  • CVE-2006-7202May 9, 2007
    risk 0.00cvss epss 0.01

    The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.

  • CVE-2007-2556May 9, 2007
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.

  • CVE-2007-2557May 9, 2007
    risk 0.00cvss epss 0.01

    MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2007-2558May 9, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use

  • CVE-2007-2559May 9, 2007
    risk 0.00cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php.

  • CVE-2007-2560May 9, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.

  • CVE-2007-2561May 9, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115.

  • CVE-2007-2562May 9, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.