VYPR

CVEs

  • CVE-2007-1255 · Mar 3, 2007
    risk 0.03 cvss epss 0.01

    Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which…

  • CVE-2007-1256 · Mar 3, 2007
    risk 0.00 cvss epss 0.01

    Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of…

  • CVE-2007-1257 · Mar 3, 2007
    risk 0.01 cvss epss 0.07

    The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.

  • CVE-2007-1258 · Mar 3, 2007
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload)…

  • CVE-2007-1259 · Mar 3, 2007
    risk 0.00 cvss epss 0.01

    Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors.

  • CVE-2006-7098 · Mar 3, 2007
    risk 0.03 cvss epss 0.01

    The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

  • CVE-2006-7099 · Mar 3, 2007
    risk 0.03 cvss epss 0.02

    Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-1231 · Mar 3, 2007
    risk 0.03 cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.

  • CVE-2007-1232 · Mar 3, 2007
    risk 0.06 cvss epss 0.38

    Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.

  • CVE-2007-1233 · Mar 3, 2007
    risk 0.03 cvss epss 0.03

    PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter.

  • CVE-2007-1234 · Mar 3, 2007
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to…

  • CVE-2007-1235 · Mar 3, 2007
    risk 0.00 cvss epss 0.01

    Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.

  • CVE-2007-1236 · Mar 3, 2007
    risk 0.00 cvss epss 0.01

    sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages.

  • CVE-2007-1237 · Mar 3, 2007
    risk 0.00 cvss epss 0.01

    sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.

  • CVE-2007-1238 · Mar 3, 2007
    risk 0.01 cvss epss 0.10

    Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.

  • CVE-2007-1239 · Mar 3, 2007
    risk 0.01 cvss epss 0.12

    Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.

  • CVE-2007-1240 · Mar 3, 2007
    risk 0.03 cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the…

  • CVE-2007-1241 · Mar 3, 2007
    risk 0.03 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-1242 · Mar 3, 2007
    risk 0.03 cvss epss 0.01

    SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-1243 · Mar 3, 2007
    risk 0.03 cvss epss 0.02

    Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the…

  • CVE-2007-1244 · Mar 3, 2007
    risk 0.00 cvss epss 0.07

    Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform…

  • CVE-2007-1245 · Mar 3, 2007
    risk 0.00 cvss epss 0.01

    IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.

  • CVE-2007-1246 · Mar 3, 2007
    risk 0.00 cvss epss 0.06

    The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a…

  • CVE-2007-1219 · Mar 2, 2007
    risk 0.03 cvss epss 0.03

    PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

  • CVE-2007-1220 · Mar 2, 2007
    risk 0.00 cvss epss 0.01

    The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.

  • CVE-2007-1221 · Mar 2, 2007
    risk 0.00 cvss epss 0.02

    The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.

  • CVE-2007-1222 · Mar 2, 2007
    risk 0.00 cvss epss 0.00

    Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a…

  • CVE-2007-1223 · Mar 2, 2007
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port".

  • CVE-2007-1224 · Mar 2, 2007
    risk 0.03 cvss epss 0.03

    Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).

  • CVE-2007-1225 · Mar 2, 2007
    risk 0.03 cvss epss 0.04

    The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.

  • CVE-2007-1226 · Mar 2, 2007
    risk 0.00 cvss epss 0.00

    McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.

  • CVE-2007-1227 · Mar 2, 2007
    risk 0.03 cvss epss 0.01

    VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allows local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute…

  • CVE-2007-1228 · Mar 2, 2007
    risk 0.00 cvss epss 0.00

    IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.

  • CVE-2007-1229 · Mar 2, 2007
    risk 0.03 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when…

  • CVE-2007-1230 · Mar 2, 2007
    risk 0.00 cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.

  • CVE-2006-3892 · Mar 2, 2007
    risk 0.00 cvss epss 0.04

    The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.

  • CVE-2006-7065 · Mar 2, 2007
    risk 0.05 cvss epss 0.20

    Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

  • CVE-2006-7066 · Mar 2, 2007
    risk 0.05 cvss epss 0.22

    Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame,…

  • CVE-2006-7067 · Mar 2, 2007
    risk 0.01 cvss epss 0.07

    Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was…

  • CVE-2006-7068 · Mar 2, 2007
    risk 0.03 cvss epss 0.06

    PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.

  • CVE-2006-7069 · Mar 2, 2007
    risk 0.03 cvss epss 0.03

    PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter.

  • CVE-2006-7070 · Mar 2, 2007
    risk 0.03 cvss epss 0.04

    Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image…

  • CVE-2006-7071 · Mar 2, 2007
    risk 0.03 cvss epss 0.01

    SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.

  • CVE-2006-7072 · Mar 2, 2007
    risk 0.03 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3)…

  • CVE-2006-7073 · Mar 2, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party…

  • CVE-2006-7074 · Mar 2, 2007
    risk 0.00 cvss epss 0.01

    admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.

  • CVE-2006-7075 · Mar 2, 2007
    risk 0.00 cvss epss 0.02

    Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file.

  • CVE-2006-7076 · Mar 2, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.

  • CVE-2006-7077 · Mar 2, 2007
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the entry parameter.

  • CVE-2006-7078 · Mar 2, 2007
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details…