VYPR

CVEs

344,668 total · page 6408 of 6,894

  • CVE-2007-2312Apr 26, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as…

  • CVE-2007-2313Apr 26, 2007
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

  • CVE-2007-2314Apr 26, 2007
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d)…

  • CVE-2007-2315Apr 26, 2007
    risk 0.00cvss epss 0.02

    MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections.

  • CVE-2007-2316Apr 26, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."

  • CVE-2007-2317Apr 26, 2007
    risk 0.04cvss epss 0.08

    Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1)…

  • CVE-2007-2318Apr 26, 2007
    risk 0.00cvss epss 0.04

    Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.

  • CVE-2007-2319Apr 26, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.

  • CVE-2007-2320Apr 26, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478.

  • CVE-2007-1683Apr 26, 2007
    risk 0.06cvss epss 0.38

    Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2007-2291Apr 26, 2007
    risk 0.02cvss epss 0.20

    CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.

  • CVE-2007-2292Apr 26, 2007
    risk 0.01cvss epss 0.13

    CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

  • CVE-2007-2293Apr 26, 2007
    risk 0.05cvss epss 0.24

    Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as…

  • CVE-2007-2294Apr 26, 2007
    risk 0.00cvss epss 0.04

    The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.

  • CVE-2007-2295Apr 26, 2007
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.

  • CVE-2007-2296Apr 26, 2007
    risk 0.00cvss epss 0.06

    Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.

  • CVE-2007-2297Apr 26, 2007
    risk 0.00cvss epss 0.02

    The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

  • CVE-2007-2282Apr 26, 2007
    risk 0.00cvss epss 0.05

    Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.

  • CVE-2007-2283Apr 26, 2007
    risk 0.04cvss epss 0.07

    Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.

  • CVE-2007-2284Apr 26, 2007
    risk 0.04cvss epss 0.07

    Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.

  • CVE-2007-2285Apr 26, 2007
    risk 0.04cvss epss 0.12

    Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be…

  • CVE-2007-2286Apr 26, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter.

  • CVE-2007-2287Apr 26, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

  • CVE-2007-2288Apr 26, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

  • CVE-2007-2289Apr 26, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE:…

  • CVE-2007-2290Apr 26, 2007
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap…

  • CVE-2006-7197Apr 25, 2007
    risk 0.01cvss epss 0.08

    The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

  • CVE-2007-2139Apr 25, 2007
    risk 0.09cvss epss 0.78

    Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection…

  • CVE-2007-2265Apr 25, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php.

  • CVE-2007-2266Apr 25, 2007
    risk 0.00cvss epss 0.02

    Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file…

  • CVE-2007-2267Apr 25, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC…

  • CVE-2007-2268Apr 25, 2007
    risk 0.03cvss epss 0.04

    Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.

  • CVE-2007-2269Apr 25, 2007
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.

  • CVE-2007-2270Apr 25, 2007
    risk 0.04cvss epss 0.09

    The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.

  • CVE-2007-2271Apr 25, 2007
    risk 0.04cvss epss 0.08

    Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter.

  • CVE-2007-2272Apr 25, 2007
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter.

  • CVE-2007-2273Apr 25, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.

  • CVE-2007-2274Apr 25, 2007
    risk 0.04cvss epss 0.08

    The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.

  • CVE-2007-2275Apr 25, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or…

  • CVE-2007-2276Apr 25, 2007
    risk 0.00cvss epss 0.02

    3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has…

  • CVE-2007-2277Apr 25, 2007
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

  • CVE-2007-2278Apr 25, 2007
    risk 0.00cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the…

  • CVE-2007-2252Apr 25, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.

  • CVE-2007-2253Apr 25, 2007
    risk 0.00cvss epss 0.01

    Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.

  • CVE-2007-2254Apr 25, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as "Allfaclassfieds" in the…

  • CVE-2007-2255Apr 25, 2007
    risk 0.00cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root…

  • CVE-2007-2256Apr 25, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

  • CVE-2007-2257Apr 25, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2007-2258Apr 25, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

  • CVE-2007-2259Apr 25, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.