VYPR

CVEs

344,557 total · page 6430 of 6,892

  • CVE-2007-1171 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.

  • CVE-2007-1172 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."

  • CVE-2007-1174 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party…

  • CVE-2007-1175 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-1176 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log…

  • CVE-2007-1177 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to…

  • CVE-2007-1178 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.

  • CVE-2007-1179 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8)…

  • CVE-2007-1180 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.

  • CVE-2007-1181 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors.

  • CVE-2007-1182 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.

  • CVE-2007-1183 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.

  • CVE-2007-1184 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.

  • CVE-2007-1185 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.

  • CVE-2007-1186 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact.

  • CVE-2007-1187 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.

  • CVE-2007-1188 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".

  • CVE-2007-1189 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.01

    Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the…

  • CVE-2007-1190 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.03

    Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-1191 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.00

    The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.

  • CVE-2007-1192 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.02

    Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.

  • CVE-2007-1193 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors.

  • CVE-2007-1194 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.00

    Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce…

  • CVE-2007-1195 · Mar 2, 2007
    risk 0.03 · cvss · epss 0.05

    Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.

  • CVE-2007-1196 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.

  • CVE-2007-1197 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.

  • CVE-2007-1198 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982.

  • CVE-2007-1199 · Mar 2, 2007
    risk 0.04 · cvss · epss 0.10

    Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.

  • CVE-2007-1217 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.

  • CVE-2007-1218 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.03

    Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but…

  • CVE-2007-0996 · Feb 27, 2007
    risk 0.00 · cvss · epss 0.02

    The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

  • CVE-2007-1117 · Feb 27, 2007
    risk 0.01 · cvss · epss 0.18

    Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. …

  • CVE-2007-1118 · Feb 27, 2007
    risk 0.03 · cvss · epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.

  • CVE-2007-1119 · Feb 27, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified…

  • CVE-2007-1120 · Feb 27, 2007
    risk 0.00 · cvss · epss 0.02

    The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2007-1121 · Feb 27, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of…

  • CVE-2007-1122 · Feb 27, 2007
    risk 0.01 · cvss · epss 0.15

    Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a…

  • CVE-2007-1123 · Feb 27, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap…

  • CVE-2007-1124 · Feb 27, 2007
    risk 0.03 · cvss · epss 0.03

    Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

  • CVE-2007-1125 · Feb 27, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.

  • CVE-2007-1126 · Feb 27, 2007
    risk 0.03 · cvss · epss 0.05

    Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

  • CVE-2007-1127 · Feb 27, 2007
    risk 0.03 · cvss · epss 0.03

    Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.

  • CVE-2007-1128 · Feb 27, 2007
    risk 0.00 · cvss · epss 0.01

    shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.

  • CVE-2007-1129 · Feb 27, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.

  • CVE-2007-1130 · Feb 27, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.

  • CVE-2007-1131 · Feb 27, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.

  • CVE-2007-1132 · Feb 27, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.

  • CVE-2007-1133 · Feb 27, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.

  • CVE-2007-1114 · Feb 26, 2007
    risk 0.01 · cvss · epss 0.12

    The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the…

  • CVE-2007-1115 · Feb 26, 2007
    risk 0.00 · cvss · epss 0.02

    The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7…