VYPR

CVEs

  • CVE-2007-0496 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.04

    PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.

  • CVE-2007-0497 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.

  • CVE-2007-0498 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.

  • CVE-2007-0499 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.

  • CVE-2007-0500 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

  • CVE-2007-0501 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.

  • CVE-2007-0502 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.

  • CVE-2007-0503 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.

  • CVE-2007-0493 · Jan 25, 2007
    risk 0.01 · cvss · epss 0.12

    Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a…

  • CVE-2007-0494 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.43

    ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets,…

  • CVE-2007-0476 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.00

    The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a…

  • CVE-2007-0477 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in…

  • CVE-2007-0478 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.02

    WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an…

  • CVE-2007-0479 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.04

    Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.

  • CVE-2007-0480 · Jan 25, 2007
    risk 0.01 · cvss · epss 0.09

    Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.

  • CVE-2007-0481 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.05

    Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.

  • CVE-2007-0482 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.00

    cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.

  • CVE-2007-0483 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely…

  • CVE-2007-0484 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are…

  • CVE-2007-0485 · Jan 25, 2007
    risk 0.04 · cvss · epss 0.08

    PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.

  • CVE-2007-0486 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3)…

  • CVE-2007-0487 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being…

  • CVE-2007-0488 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.01

    The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command.

  • CVE-2007-0489 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2007-0490 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.01

    index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.

  • CVE-2007-0491 · Jan 25, 2007
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third…

  • CVE-2007-0492 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from…

  • CVE-2006-6952 · Jan 24, 2007
    risk 0.03 · cvss · epss 0.01

    Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.

  • CVE-2007-0444 · Jan 24, 2007
    risk 0.04 · cvss · epss 0.14

    Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2)…

  • CVE-2007-0018 · Jan 24, 2007
    risk 0.06 · cvss · epss 0.35

    Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft…

  • CVE-2007-0010 · Jan 24, 2007
    risk 0.03 · cvss · epss 0.01

    The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

  • CVE-2007-0020 · Jan 24, 2007
    risk 0.04 · cvss · epss 0.08

    Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.

  • CVE-2007-0023 · Jan 24, 2007
    risk 0.03 · cvss · epss 0.02

    The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed…

  • CVE-2007-0460 · Jan 24, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."

  • CVE-2007-0461 · Jan 24, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.

  • CVE-2007-0468 · Jan 24, 2007
    risk 0.02 · cvss · epss 0.25

    Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.

  • CVE-2007-0469 · Jan 24, 2007
    risk 0.00 · cvss · epss 0.05

    The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.

  • CVE-2007-0470 · Jan 24, 2007
    risk 0.00 · cvss · epss 0.00

    Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.

  • CVE-2007-0471 · Jan 24, 2007
    risk 0.00 · cvss · epss 0.03

    sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a…

  • CVE-2007-0003 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.00

    pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

  • CVE-2007-0449 · Jan 23, 2007
    risk 0.09 · cvss · epss 0.79

    Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute…

  • CVE-2007-0441 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.

  • CVE-2007-0442 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.

  • CVE-2006-6946 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.

  • CVE-2006-6947 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.

  • CVE-2006-6948 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.

  • CVE-2006-6949 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.00

    Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file.

  • CVE-2006-6950 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument.

  • CVE-2006-6951 · Jan 23, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.

  • CVE-2007-0428 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.