VYPR

CVEs


  • CVE-2006-6996 · Feb 12, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a…

  • CVE-2006-6997 · Feb 12, 2007
    risk 0.01 · cvss · epss 0.06

    Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of…

  • CVE-2007-0870 · Feb 11, 2007
    risk 0.02 · cvss · epss 0.21

    Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.

  • CVE-2007-0867 · Feb 9, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.

  • CVE-2007-0868 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2007-0869 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the…

  • CVE-2006-6983 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that…

  • CVE-2006-6984 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references…

  • CVE-2006-6985 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that…

  • CVE-2006-6986 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the…

  • CVE-2006-6987 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that…

  • CVE-2006-6988 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that…

  • CVE-2006-6989 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that…

  • CVE-2006-6990 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references…

  • CVE-2006-6991 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references…

  • CVE-2006-6992 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references…

  • CVE-2007-0860 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e)…

  • CVE-2007-0861 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that…

  • CVE-2007-0862 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable

  • CVE-2007-0863 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.04

    PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: this issue has been…

  • CVE-2007-0864 · Feb 9, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter.

  • CVE-2007-0865 · Feb 9, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter.

  • CVE-2007-0866 · Feb 9, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors.

  • CVE-2007-0446 · Feb 8, 2007
    risk 0.04 · cvss · epss 0.44

    Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port…

  • CVE-2007-0669 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.

  • CVE-2006-6979 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.02

    The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

  • CVE-2006-6980 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2006-6981 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten.

  • CVE-2006-6982 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials.

  • CVE-2007-0819 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified…

  • CVE-2007-0845 · Feb 8, 2007
    risk 0.04 · cvss · epss 0.06

    admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.

  • CVE-2007-0846 · Feb 8, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.

  • CVE-2007-0847 · Feb 8, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.

  • CVE-2007-0848 · Feb 8, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.

  • CVE-2007-0849 · Feb 8, 2007
    risk 0.03 · cvss · epss 0.01

    scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different…

  • CVE-2007-0850 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.03

    scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and…

  • CVE-2007-0851 · Feb 8, 2007
    risk 0.01 · cvss · epss 0.08

    Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.

  • CVE-2007-0852 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown;…

  • CVE-2007-0853 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-0854 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.06

    Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but…

  • CVE-2007-0855 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.

  • CVE-2007-0856 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for…

  • CVE-2007-0857 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

  • CVE-2006-2219 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to…

  • CVE-2006-2220 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL…

  • CVE-2006-6975 · Cri · Feb 8, 2007
    risk 0.64 · cvss 9.8 · epss 0.03

    PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a…

  • CVE-2006-6976 · Feb 8, 2007
    risk 0.03 · cvss · epss 0.04

    PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.

  • CVE-2006-6977 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.

  • CVE-2006-6978 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.

  • CVE-2007-0844 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.