VYPR

CVEs

344,541 total · page 6435 of 6,891

  • CVE-2006-7024Feb 15, 2007
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php,…

  • CVE-2007-0949Feb 15, 2007
    risk 0.04cvss epss 0.16

    Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.

  • CVE-2007-0950Feb 15, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

  • CVE-2007-0951Feb 15, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2007-0952Feb 15, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.

  • CVE-2007-0953Feb 15, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

  • CVE-2007-0954Feb 15, 2007
    risk 0.00cvss epss 0.02

    MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.

  • CVE-2007-0955Feb 15, 2007
    risk 0.03cvss epss 0.05

    The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in…

  • CVE-2007-0919Feb 14, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.

  • CVE-2007-0920Feb 14, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

  • CVE-2007-0921Feb 14, 2007
    risk 0.00cvss epss 0.02

    Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.

  • CVE-2007-0922Feb 14, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2007-0923Feb 14, 2007
    risk 0.00cvss epss 0.01

    buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.

  • CVE-2007-0924Feb 14, 2007
    risk 0.00cvss epss 0.02

    Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764.

  • CVE-2007-0925Feb 14, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.

  • CVE-2007-0926Feb 14, 2007
    risk 0.00cvss epss 0.01

    The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.

  • CVE-2007-0927Feb 14, 2007
    risk 0.07cvss epss 0.45

    Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.

  • CVE-2007-0928Feb 14, 2007
    risk 0.00cvss epss 0.01

    Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.

  • CVE-2007-0929Feb 14, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.

  • CVE-2007-0930Feb 14, 2007
    risk 0.00cvss epss 0.01

    Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.

  • CVE-2007-0931Feb 14, 2007
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code…

  • CVE-2007-0932Feb 14, 2007
    risk 0.00cvss epss 0.02

    The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the…

  • CVE-2006-5860Feb 14, 2007
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2007-0914Feb 14, 2007
    risk 0.00cvss epss 0.02

    Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.

  • CVE-2007-0915Feb 14, 2007
    risk 0.00cvss epss 0.04

    Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.

  • CVE-2007-0916Feb 14, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

  • CVE-2007-0917Feb 14, 2007
    risk 0.00cvss epss 0.02

    The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.

  • CVE-2007-0918Feb 14, 2007
    risk 0.00cvss epss 0.03

    The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by…

  • CVE-2006-5859Feb 14, 2007
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

  • CVE-2007-0913Feb 14, 2007
    risk 0.01cvss epss 0.12

    Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296,…

  • CVE-2007-0219Feb 13, 2007
    risk 0.03cvss epss 0.39

    Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

  • CVE-2007-0905Feb 13, 2007
    risk 0.00cvss epss 0.02

    PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.

  • CVE-2007-0906Feb 13, 2007
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8)…

  • CVE-2007-0907Feb 13, 2007
    risk 0.00cvss epss 0.02

    Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

  • CVE-2007-0908Feb 13, 2007
    risk 0.04cvss epss 0.12

    The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with…

  • CVE-2007-0909Feb 13, 2007
    risk 0.00cvss epss 0.03

    Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

  • CVE-2007-0910Feb 13, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.

  • CVE-2007-0911Feb 13, 2007
    risk 0.03cvss epss 0.05

    Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

  • CVE-2007-0912Feb 13, 2007
    risk 0.00cvss epss 0.02

    Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.

  • CVE-2006-4697Feb 13, 2007
    risk 0.02cvss epss 0.31

    Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.

  • CVE-2007-0217Feb 13, 2007
    risk 0.08cvss epss 0.61

    The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

  • CVE-2007-0208Feb 13, 2007
    risk 0.02cvss epss 0.30

    Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

  • CVE-2007-0209Feb 13, 2007
    risk 0.02cvss epss 0.29

    Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.

  • CVE-2006-1311Feb 13, 2007
    risk 0.02cvss epss 0.31

    The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed…

  • CVE-2006-3448Feb 13, 2007
    risk 0.03cvss epss 0.37

    Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue…

  • CVE-2006-5270Feb 13, 2007
    risk 0.02cvss epss 0.30

    Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2007-0025Feb 13, 2007
    risk 0.03cvss epss 0.37

    The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this…

  • CVE-2007-0026Feb 13, 2007
    risk 0.02cvss epss 0.25

    The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

  • CVE-2007-0210Feb 13, 2007
    risk 0.00cvss epss 0.02

    The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.

  • CVE-2007-0211Feb 13, 2007
    risk 0.00cvss epss 0.03

    The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."