VYPR

CVEs

344,664 total · page 6413 of 6,894

  • CVE-2007-2083Apr 18, 2007
    risk 0.03cvss epss 0.01

    vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted…

  • CVE-2007-1558Apr 16, 2007
    risk 0.00cvss epss 0.02

    The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird…

  • CVE-2007-2042Apr 16, 2007
    risk 0.00cvss epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. …

  • CVE-2007-2043Apr 16, 2007
    risk 0.04cvss epss 0.07

    Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or…

  • CVE-2007-2044Apr 16, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

  • CVE-2007-2045Apr 16, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.

  • CVE-2007-2046Apr 16, 2007
    risk 0.00cvss epss 0.01

    Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF…

  • CVE-2007-2047Apr 16, 2007
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE:…

  • CVE-2007-2048Apr 16, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.

  • CVE-2007-2049Apr 16, 2007
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.

  • CVE-2007-2050Apr 16, 2007
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.

  • CVE-2007-2051Apr 16, 2007
    risk 0.00cvss epss 0.01

    Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.

  • CVE-2007-2052Apr 16, 2007
    risk 0.04cvss epss 0.12

    Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a…

  • CVE-2007-1745Apr 16, 2007
    risk 0.00cvss epss 0.02

    The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are…

  • CVE-2007-1997Apr 16, 2007
    risk 0.00cvss epss 0.05

    Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison…

  • CVE-2007-2031Apr 16, 2007
    risk 0.04cvss epss 0.15

    Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.

  • CVE-2007-2032Apr 16, 2007
    risk 0.00cvss epss 0.02

    Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014.

  • CVE-2007-2033Apr 16, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.

  • CVE-2007-2034Apr 16, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.

  • CVE-2007-2035Apr 16, 2007
    risk 0.00cvss epss 0.02

    Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.

  • CVE-2007-2036Apr 16, 2007
    risk 0.00cvss epss 0.03

    The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384.

  • CVE-2007-2037Apr 16, 2007
    risk 0.00cvss epss 0.01

    Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.

  • CVE-2007-2038Apr 16, 2007
    risk 0.00cvss epss 0.01

    The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2)…

  • CVE-2007-2039Apr 16, 2007
    risk 0.00cvss epss 0.01

    The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2)…

  • CVE-2007-2040Apr 16, 2007
    risk 0.00cvss epss 0.00

    Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.

  • CVE-2007-2041Apr 16, 2007
    risk 0.00cvss epss 0.01

    Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.

  • CVE-2007-2030Apr 16, 2007
    risk 0.00cvss epss 0.00

    lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

  • CVE-2007-1748Apr 13, 2007
    risk 0.09cvss epss 0.79

    Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants…

  • CVE-2007-1871Apr 13, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.

  • CVE-2007-1872Apr 13, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.

  • CVE-2007-1873Apr 13, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.

  • CVE-2007-2022Apr 13, 2007
    risk 0.00cvss epss 0.05

    Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

  • CVE-2007-2023Apr 13, 2007
    risk 0.00cvss epss 0.00

    USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.

  • CVE-2007-2024Apr 13, 2007
    risk 0.00cvss epss 0.03

    Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.

  • CVE-2007-2025Apr 13, 2007
    risk 0.00cvss epss 0.03

    Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.

  • CVE-2007-2026Apr 13, 2007
    risk 0.00cvss epss 0.02

    The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as…

  • CVE-2007-2027Apr 13, 2007
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format…

  • CVE-2007-2028Apr 13, 2007
    risk 0.00cvss epss 0.02

    Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not…

  • CVE-2007-1742Apr 13, 2007
    risk 0.00cvss epss 0.01

    suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and…

  • CVE-2007-1743Apr 13, 2007
    risk 0.00cvss epss 0.01

    suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable,…

  • CVE-2007-1741Apr 13, 2007
    risk 0.00cvss epss 0.01

    Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is…

  • CVE-2006-7193Apr 12, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant

  • CVE-2007-1998Apr 12, 2007
    risk 0.04cvss epss 0.09

    Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.

  • CVE-2007-1999Apr 12, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.

  • CVE-2007-2000Apr 12, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.

  • CVE-2007-2001Apr 12, 2007
    risk 0.03cvss epss 0.02

    Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into…

  • CVE-2007-2002Apr 12, 2007
    risk 0.03cvss epss 0.02

    InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.

  • CVE-2007-2003Apr 12, 2007
    risk 0.03cvss epss 0.02

    InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.

  • CVE-2007-2004Apr 12, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.

  • CVE-2007-2005Apr 12, 2007
    risk 0.04cvss epss 0.07

    Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3)…