VYPR

CVEs

344,562 total · page 6429 of 6,892

  • CVE-2006-7081 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3.

  • CVE-2006-7082 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.03

    Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php.

  • CVE-2006-7083 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter.

  • CVE-2006-7085 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.

  • CVE-2006-7086 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.

  • CVE-2006-7087 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.02

    CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.

  • CVE-2006-7088 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php.

  • CVE-2006-7089 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2006-7090 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter.

  • CVE-2006-7091 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2006-7092 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.

  • CVE-2006-7093 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2006-7094 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.03

    ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack…

  • CVE-2006-7095 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.05

    Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a…

  • CVE-2006-7096 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.

  • CVE-2006-7097 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors.

  • CVE-2007-0001 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.01

    The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

  • CVE-2007-1005 · Mar 2, 2007
    risk 0.01 · cvss · epss 0.07

    Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote…

  • CVE-2007-1134 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."

  • CVE-2007-1135 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php.

  • CVE-2007-1136 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.02

    index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is…

  • CVE-2007-1137 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain…

  • CVE-2007-1138 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.

  • CVE-2007-1139 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.02

    Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.

  • CVE-2007-1140 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.

  • CVE-2007-1141 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.06

    PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.

  • CVE-2007-1142 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.

  • CVE-2007-1143 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.

  • CVE-2007-1144 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.

  • CVE-2007-1145 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified…

  • CVE-2007-1146 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.

  • CVE-2007-1147 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.

  • CVE-2007-1148 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.

  • CVE-2007-1149 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.04

    Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.

  • CVE-2007-1150 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.

  • CVE-2007-1151 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.

  • CVE-2007-1152 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details…

  • CVE-2007-1153 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE:…

  • CVE-2007-1154 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

  • CVE-2007-1155 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.

  • CVE-2007-1156 · Mar 2, 2007
    risk 0.04 · cvss · epss 0.09

    JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.

  • CVE-2007-1157 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.

  • CVE-2007-1158 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.04

    Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

  • CVE-2007-1159 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2007-1160 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.03

    webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

  • CVE-2007-1161 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.

  • CVE-2007-1162 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different…

  • CVE-2007-1163 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.

  • CVE-2007-1164 · Mar 2, 2007
    risk 0.04 · cvss · epss 0.09

    Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php,…

  • CVE-2007-1165 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.