VYPR

CVEs

344,585 total · page 6418 of 6,892

  • CVE-2007-1736 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.01

    Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

  • CVE-2007-1737 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.01

    Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

  • CVE-2007-1738 · Mar 28, 2007
    risk 0.03 · cvss n/a · epss 0.01

    TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than…

  • CVE-2007-1739 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.03

    Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory…
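    An added example for the length-truncation pattern the entry above describes (the low 16 bits of a length used for the allocation, the full length used for the copy). This is an illustrative model written for this page, not Domino's LDAP code; the DN limit MAX_DN and the function names are hypothetical, and the buggy sizing is only measured, never executed, since the write past the buffer would be undefined behaviour.

```c
/* Illustrative model of the bug class in CVE-2007-1739: an LDAP-style server
 * stores a DN length in a 16-bit field before allocating, but copies using the
 * full length. Written for this page; not the Lotus Domino code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buggy sizing: narrowing to uint16_t keeps only the low 16 bits, so any DN of
 * 65536 bytes or more gets a buffer far smaller than the bytes copied later. */
size_t buggy_alloc_size(size_t dn_len)
{
    uint16_t stored_len = (uint16_t)dn_len;   /* 70000 becomes 4464 */
    return (size_t)stored_len;
}

/* Bytes a memcpy of the full DN would write past the buggy buffer
 * (0 when the allocation happens to be large enough). */
size_t overflow_bytes(size_t dn_len)
{
    size_t alloc = buggy_alloc_size(dn_len);
    return dn_len > alloc ? dn_len - alloc : 0;
}

/* Hardened: validate against the protocol's real limit before any narrowing,
 * and allocate with the same width used for the copy. Returns a heap copy or
 * NULL if the DN is rejected. MAX_DN is a hypothetical limit. */
#define MAX_DN 8192
char *copy_dn_checked(const char *dn, size_t dn_len)
{
    if (dn_len > MAX_DN)
        return NULL;
    char *buf = malloc(dn_len + 1);
    if (!buf)
        return NULL;
    memcpy(buf, dn, dn_len);
    buf[dn_len] = '\0';
    return buf;
}

/* Constructed input: a DN of n 'a' bytes. Returns 1 if the checked copy accepts
 * it, 0 if it rejects it, -1 on allocation failure. */
int checked_accepts(size_t n)
{
    char *dn = malloc(n);
    if (!dn)
        return -1;
    memset(dn, 'a', n);
    char *copy = copy_dn_checked(dn, n);
    int ok = copy != NULL;
    free(copy);
    free(dn);
    return ok;
}

int main(void)
{
    size_t lens[] = { 100, 65536, 70000 };
    for (size_t i = 0; i < 3; i++)
        printf("DN of %zu bytes: buggy alloc %zu, overflow %zu, checked copy %s\n",
               lens[i], buggy_alloc_size(lens[i]), overflow_bytes(lens[i]),
               checked_accepts(lens[i]) ? "accepted" : "rejected");
    return 0;
}
```

The point the numbers make: the truncated allocation is not merely "too small by a bit", it wraps, so a 65536-byte DN yields a zero-byte allocation and the entire input lands on the heap past it. Checking the length before it is narrowed is what closes the class, not a larger 16-bit field.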

  • CVE-2007-1675 · Mar 28, 2007
    risk 0.08 · cvss n/a · epss 0.61

    Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.

  • CVE-2007-1732 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2007-1725 · Mar 28, 2007
    risk 0.03 · cvss n/a · epss 0.02

    SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.

  • CVE-2007-1726 · Mar 28, 2007
    risk 0.03 · cvss n/a · epss 0.03

    Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.

  • CVE-2007-1727 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.02

    Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.

  • CVE-2007-1728 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.02

    The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets.

  • CVE-2007-1729 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.01

    SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php.

  • CVE-2007-1730 · Mar 28, 2007
    risk 0.03 · cvss n/a · epss 0.01

    Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
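    An added example, written for this page and not taken from the Linux kernel: a user-space model of the integer-signedness pattern the entry above describes. A caller-supplied optlen is held in an int, the clamp compares it in signed arithmetic, and the value is then widened to the unsigned size_t the copy routine takes, so -1 becomes SIZE_MAX. The option structure, the OPT_MAX limit, the copy_to_user stand-in and the return codes are all hypothetical.

```c
/* Illustrative model of the bug class in CVE-2007-1730: a getsockopt handler
 * that trusts a caller-controlled, signed optlen, checks only its upper bound,
 * and hands it to a copy routine taking size_t. User-space stand-in written for
 * this page; not the Linux DCCP code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RC_OK      0
#define RC_EINVAL 22
#define RC_EFAULT 14
#define OPT_MAX   16                        /* hypothetical option size */

struct opt_value { uint32_t fields[4]; };   /* 16-byte option value */

/* Stand-in for copy_to_user(): the "user" buffer holds USER_CAP bytes. A copy
 * longer than that is the over-read / oops case described in the entry. */
#define USER_CAP 64
static unsigned char user_buf[USER_CAP];

static int copy_out(const void *src, size_t n)
{
    if (n > USER_CAP)
        return RC_EFAULT;
    memcpy(user_buf, src, n);
    return RC_OK;
}

/* Vulnerable: "-1 > OPT_MAX" is false in int arithmetic, so a negative length
 * survives the clamp; the conversion to size_t then makes it SIZE_MAX.
 * Returns the length that reaches the copy routine. */
size_t vuln_copy_len(int optlen)
{
    struct opt_value val = {{1, 2, 3, 4}};
    if (optlen > OPT_MAX)
        optlen = OPT_MAX;                   /* only the upper bound is checked */
    size_t n = (size_t)optlen;              /* -1 becomes SIZE_MAX here */
    (void)copy_out(&val, n);                /* would over-read or fault */
    return n;
}

/* Hardened: reject negative lengths before any conversion, then clamp. */
int fixed_getsockopt(int optlen, size_t *copied)
{
    struct opt_value val = {{1, 2, 3, 4}};
    *copied = 0;
    if (optlen < 0)
        return RC_EINVAL;
    size_t n = (size_t)optlen;
    if (n > sizeof(val))
        n = sizeof(val);
    *copied = n;
    return copy_out(&val, n);
}

/* Wrappers so the return code and the copied length can be inspected separately. */
int fixed_rc(int optlen)          { size_t n; return fixed_getsockopt(optlen, &n); }
size_t fixed_copy_len(int optlen) { size_t n; (void)fixed_getsockopt(optlen, &n); return n; }

int main(void)
{
    printf("vulnerable, optlen=-1  : copy length %zu\n", vuln_copy_len(-1));
    printf("fixed,      optlen=-1  : rc %d, copy length %zu\n", fixed_rc(-1), fixed_copy_len(-1));
    printf("fixed,      optlen=1000: rc %d, copy length %zu\n", fixed_rc(1000), fixed_copy_len(1000));
    return 0;
}
```

The same mistake hides in the opposite direction too: a check such as `if (len < sizeof(val))` promotes the signed len to size_t before comparing, so a negative value looks enormous and sails past a lower-bound test. Whichever way the comparison is written, the negative case has to be rejected explicitly while the value is still signed.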

  • CVE-2007-1731 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.05

    Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command.

  • CVE-2007-1717 · Mar 28, 2007
    risk 0.03 · cvss n/a · epss 0.05

    The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be…

  • CVE-2007-1718 · Mar 28, 2007
    risk 0.04 · cvss n/a · epss 0.07

    CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To…
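    An added example covering both PHP mail() entries above (CVE-2007-1717 and CVE-2007-1718), written for this page and not taken from PHP: a model of a binary-safe (pointer plus length) string handed to a mail interface that takes NUL-terminated C strings and treats a bare CR/LF as the start of a new header. It measures how much of a message is lost after an embedded NUL, and shows a header-value validator that refuses CR, LF and NUL outright rather than trying to tell legitimate RFC 5322 folding (CRLF followed by space or tab) from an injection, since the entry above describes the bypass as living exactly at that folding boundary. Function names and the constructed inputs are hypothetical.

```c
/* Illustrative checks for the two mail() bug classes in CVE-2007-1717 and
 * CVE-2007-1718. Written for this page; not PHP's code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes the C-string interface actually sees: everything after the first NUL
 * is dropped (the truncation in CVE-2007-1717). */
size_t delivered_len(const char *msg, size_t len)
{
    size_t i = 0;
    while (i < len && msg[i] != '\0')
        i++;
    return i;
}

/* Bytes silently lost to that truncation. */
size_t bytes_lost(const char *msg, size_t len)
{
    return len - delivered_len(msg, len);
}

/* Header-value validator: any NUL, CR or LF in a caller-supplied value is
 * rejected, with no attempt to allow folding. Returns 0 when acceptable,
 * otherwise 1 + the offset of the first offending byte. */
size_t header_reject_offset(const char *value, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (c == '\0' || c == '\r' || c == '\n')
            return i + 1;
    }
    return 0;
}

/* Build "Name: value\r\n" into dst only if the value passes the validator.
 * Returns bytes written, or 0 if the value was rejected or dst is too small. */
size_t build_header(char *dst, size_t cap, const char *name,
                    const char *value, size_t vlen)
{
    size_t nlen = strlen(name);
    if (header_reject_offset(value, vlen) != 0)
        return 0;
    size_t need = nlen + 2 + vlen + 2;          /* name ": " value CRLF */
    if (need > cap)
        return 0;
    memcpy(dst, name, nlen);
    memcpy(dst + nlen, ": ", 2);
    memcpy(dst + nlen + 2, value, vlen);
    memcpy(dst + nlen + 2 + vlen, "\r\n", 2);
    return need;
}

/* Same as build_header into a fixed internal buffer; returns the byte count. */
size_t build_header_len(const char *name, const char *value, size_t vlen)
{
    static char line[256];
    return build_header(line, sizeof line, name, value, vlen);
}

int main(void)
{
    /* Constructed inputs for the demonstration. */
    static const char body[] = "visible text\0hidden text";          /* 24 bytes */
    static const char subj[] = "hello\r\nBcc: attacker@example.invalid";

    printf("body: %zu of %zu bytes delivered, %zu lost after the NUL\n",
           delivered_len(body, sizeof body - 1), sizeof body - 1,
           bytes_lost(body, sizeof body - 1));
    printf("injected subject rejected at byte offset %zu\n",
           header_reject_offset(subj, sizeof subj - 1) - 1);
    printf("clean header built: %zu bytes\n",
           build_header_len("Subject", "hello", 5));
    return 0;
}
```

Applied to the entries above: the NUL case is not an injection at all but a silent loss of everything after the byte, which is why it is described as preventing intended information from being delivered; the CRLF case is the classic header-injection primitive (an attacker-controlled Bcc or extra recipient), and the safest policy for user-controlled values is to refuse line breaks entirely rather than to parse folding.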

  • CVE-2007-1719 · Mar 28, 2007
    risk 0.03 · cvss n/a · epss 0.01

    Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name.

  • CVE-2007-1720 · Mar 28, 2007
    risk 0.03 · cvss n/a · epss 0.03

    Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP…

  • CVE-2007-1721 · Mar 28, 2007
    risk 0.04 · cvss n/a · epss 0.13

    Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4)…

  • CVE-2007-1722 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.03

    Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument.

  • CVE-2007-1723 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6)…

  • CVE-2007-1724 · Mar 28, 2007
    risk 0.00 · cvss n/a · epss 0.01

    Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures.

  • CVE-2006-7175 · Mar 27, 2007
    risk 0.00 · cvss n/a · epss 0.01

    The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.

  • CVE-2006-7176 · Mar 27, 2007
    risk 0.00 · cvss n/a · epss 0.02

    The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.

  • CVE-2007-1716 · Mar 27, 2007
    risk 0.00 · cvss n/a · epss 0.00

    pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.

  • CVE-2007-1712 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2007-1713 · Mar 27, 2007
    risk 0.00 · cvss n/a · epss 0.01

    CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines.

  • CVE-2007-1714 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

  • CVE-2007-1715 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.02

    PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php…

  • CVE-2007-1695 · Mar 27, 2007
    risk 0.00 · cvss n/a · epss 0.02

    PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks…

  • CVE-2007-1696 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter.

  • CVE-2007-1697 · Mar 27, 2007
    risk 0.09 · cvss n/a · epss 0.73

    PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter.

  • CVE-2007-1698 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.03

    download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter.

  • CVE-2007-1699 · Mar 27, 2007
    risk 0.04 · cvss n/a · epss 0.11

    Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to…

  • CVE-2007-1700 · Mar 27, 2007
    risk 0.04 · cvss n/a · epss 0.09

    The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted…

  • CVE-2007-1701 · Mar 27, 2007
    risk 0.04 · cvss n/a · epss 0.09

    PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string…

  • CVE-2007-1702 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.05

    PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2007-1703 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.02

    SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

  • CVE-2007-1704 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-1705 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.02

    SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2007-1706 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.01

    SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter.

  • CVE-2007-1707 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.02

    PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter.

  • CVE-2007-1708 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.03

    PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.

  • CVE-2007-1709 · Mar 27, 2007
    risk 0.03 · cvss n/a · epss 0.02

    Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.

  • CVE-2007-1710 · Mar 27, 2007
    risk 0.00 · cvss n/a · epss 0.00

    The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a…

  • CVE-2007-1711 · Mar 27, 2007
    risk 0.04 · cvss n/a · epss 0.08

    Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to…

  • CVE-2006-4175 · Mar 26, 2007
    risk 0.00 · cvss n/a · epss 0.03

    The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized…

  • CVE-2007-1678 · Mar 26, 2007
    risk 0.03 · cvss n/a · epss 0.04

    Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler.

  • CVE-2007-1679 · Med · Mar 26, 2007
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor,…

  • CVE-2007-1692 · Mar 26, 2007
    risk 0.01 · cvss n/a · epss 0.15

    The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as…

  • CVE-2007-1667 · Mar 24, 2007
    risk 0.00 · cvss n/a · epss 0.05

    Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images…