VYPR

CVEs

344,557 total · page 6431 of 6,892

  • CVE-2007-1116Feb 26, 2007
    risk 0.00cvss epss 0.01

    The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.

  • CVE-2007-0008Feb 26, 2007
    risk 0.00cvss epss 0.04

    Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows…

  • CVE-2007-0009Feb 26, 2007
    risk 0.04cvss epss 0.50

    Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611,…

  • CVE-2007-0778Feb 26, 2007
    risk 0.00cvss epss 0.03

    The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further…

  • CVE-2007-0779Feb 26, 2007
    risk 0.00cvss epss 0.02

    GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large,…

  • CVE-2007-0780Feb 26, 2007
    risk 0.00cvss epss 0.02

    browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a…

  • CVE-2007-0775Feb 26, 2007
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via…

  • CVE-2007-0776Feb 26, 2007
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

  • CVE-2007-0777Feb 26, 2007
    risk 0.01cvss epss 0.08

    The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory…

  • CVE-2007-0995Feb 26, 2007
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

  • CVE-2007-1092Feb 26, 2007
    risk 0.01cvss epss 0.07

    Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

  • CVE-2007-1093Feb 26, 2007
    risk 0.00cvss epss 0.05

    Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.

  • CVE-2007-1094Feb 26, 2007
    risk 0.01cvss epss 0.18

    Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.

  • CVE-2007-1095Feb 26, 2007
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

  • CVE-2007-1096Feb 26, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.

  • CVE-2007-1097Feb 26, 2007
    risk 0.00cvss epss 0.02

    Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some…

  • CVE-2007-1098Feb 26, 2007
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence.

  • CVE-2007-1099Feb 26, 2007
    risk 0.00cvss epss 0.02

    dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.

  • CVE-2007-1100Feb 26, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

  • CVE-2007-1101Feb 26, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.

  • CVE-2007-1102Feb 26, 2007
    risk 0.00cvss epss 0.01

    Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.

  • CVE-2007-1103Feb 26, 2007
    risk 0.00cvss epss 0.02

    Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and…

  • CVE-2007-1104Feb 26, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.

  • CVE-2007-1105Feb 26, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2007-1106Feb 26, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2007-1107Feb 26, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using…

  • CVE-2007-1108Feb 26, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.

  • CVE-2007-1109Feb 26, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7)…

  • CVE-2007-1110Feb 26, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

  • CVE-2007-1111Feb 26, 2007
    risk 0.03cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8)…

  • CVE-2007-1090Feb 26, 2007
    risk 0.04cvss epss 0.16

    Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.

  • CVE-2007-1091Feb 26, 2007
    risk 0.02cvss epss 0.25

    Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

  • CVE-2006-7057Feb 24, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this…

  • CVE-2006-7058Feb 24, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this…

  • CVE-2006-7059Feb 24, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (&#0000039) in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to…

  • CVE-2006-7060Feb 24, 2007
    risk 0.00cvss epss 0.01

    cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message.

  • CVE-2006-7061Feb 24, 2007
    risk 0.00cvss epss 0.02

    Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.

  • CVE-2006-7062Feb 24, 2007
    risk 0.00cvss epss 0.01

    calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.

  • CVE-2006-7063Feb 24, 2007
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.

  • CVE-2006-7064Feb 24, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

  • CVE-2006-7042Feb 24, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter.

  • CVE-2006-7043Feb 24, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery.

  • CVE-2006-7044Feb 24, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

  • CVE-2006-7045Feb 24, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b)…

  • CVE-2006-7046Feb 24, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2006-7047Feb 24, 2007
    risk 0.00cvss epss 0.03

    include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot…

  • CVE-2006-7048Feb 24, 2007
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e)…

  • CVE-2006-7049Feb 24, 2007
    risk 0.00cvss epss 0.02

    The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

  • CVE-2006-7050Feb 24, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in…

  • CVE-2006-7051Feb 24, 2007
    risk 0.03cvss epss 0.01

    The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in…