CVEs

  • CVE-2007-0661 · Feb 1, 2007
    risk 0.00 · cvss · epss 0.01

    Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent…

  • CVE-2007-0662 · Feb 1, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2007-0663 · Feb 1, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are…

  • CVE-2007-0650 · Feb 1, 2007
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based…

  • CVE-2007-0648 · Feb 1, 2007
    risk 0.00 · cvss · epss 0.04

    Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.

  • CVE-2007-0649 · Feb 1, 2007
    risk 0.03 · cvss · epss 0.06

    Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in…

  • CVE-2007-0644 · Feb 1, 2007
    risk 0.03 · cvss · epss 0.02

    Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit…

  • CVE-2007-0645 · Feb 1, 2007
    risk 0.03 · cvss · epss 0.02

    Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.

  • CVE-2007-0646 · Feb 1, 2007
    risk 0.04 · cvss · epss 0.10

    Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the…

  • CVE-2007-0647 · Feb 1, 2007
    risk 0.03 · cvss · epss 0.03

    Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.

  • CVE-2007-0634 · Jan 31, 2007
    risk 0.04 · cvss · epss 0.09

    Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.

  • CVE-2007-0635 · Jan 31, 2007
    risk 0.04 · cvss · epss 0.09

    Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

  • CVE-2007-0636 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."

  • CVE-2007-0637 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.04

    Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file,…

  • CVE-2007-0638 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.03

    show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.

  • CVE-2007-0639 · Jan 31, 2007
    risk 0.04 · cvss · epss 0.07

    Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error…

  • CVE-2007-0640 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."

  • CVE-2007-0641 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.04

    Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.

  • CVE-2007-0642 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.

  • CVE-2007-0643 · Jan 31, 2007
    risk 0.04 · cvss · epss 0.07

    Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.

  • CVE-2007-0622 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-0623 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.

  • CVE-2007-0624 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.01

    user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.

  • CVE-2007-0625 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.00

    nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.

  • CVE-2007-0626 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.03

    The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not…

  • CVE-2007-0627 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.00

    Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2007-0628 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these…

  • CVE-2007-0629 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.01

    The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.

  • CVE-2007-0630 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The…

  • CVE-2007-0631 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2007-0632 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.

  • CVE-2007-0633 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.

  • CVE-2007-0612 · Jan 31, 2007
    risk 0.06 · cvss · epss 0.43

    Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2)…

  • CVE-2007-0613 · Jan 31, 2007
    risk 0.04 · cvss · epss 0.07

    The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted…

  • CVE-2007-0614 · Jan 31, 2007
    risk 0.04 · cvss · epss 0.08

    The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.

  • CVE-2007-0615 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data.

  • CVE-2007-0616 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.

  • CVE-2007-0617 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.01

    The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.

  • CVE-2007-0618 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."

  • CVE-2007-0619 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.05

    chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.

  • CVE-2007-0620 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.04

    download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

  • CVE-2007-0467 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.02

    crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.

  • CVE-2007-0465 · Jan 31, 2007
    risk 0.04 · cvss · epss 0.18

    Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.

  • CVE-2007-0466 · Jan 31, 2007
    risk 0.03 · cvss · epss 0.06

    Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.

  • CVE-2007-0610 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2007-0611 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.

  • CVE-2006-5753 · Jan 30, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.

  • CVE-2006-5754 · Jan 30, 2007
    risk 0.00 · cvss · epss 0.00

    The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.

  • CVE-2006-6535 · Jan 30, 2007
    risk 0.00 · cvss · epss 0.03

    The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.

  • CVE-2007-0588 · Jan 30, 2007
    risk 0.00 · cvss · epss 0.06

    The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that…