VYPR

CVEs

  • CVE-2007-0377 · Jan 19, 2007
    risk 0.00 cvss epss 0.02

    Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.

  • CVE-2007-0378 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2007-0379 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-0380 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.

  • CVE-2007-0381 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.

  • CVE-2007-0382 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3)…

  • CVE-2007-0383 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a security bug."

  • CVE-2007-0384 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-0385 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.

  • CVE-2007-0386 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."

  • CVE-2007-0387 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2007-0388 · Jan 19, 2007
    risk 0.03 cvss epss 0.01

    SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.

  • CVE-2007-0389 · Jan 19, 2007
    risk 0.03 cvss epss 0.03

    Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.

  • CVE-2007-0390 · Jan 19, 2007
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.

  • CVE-2007-0391 · Jan 19, 2007
    risk 0.00 cvss epss 0.00

    Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.

  • CVE-2007-0392 · Jan 19, 2007
    risk 0.00 cvss epss 0.00

    IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

  • CVE-2007-0393 · Jan 19, 2007
    risk 0.00 cvss epss 0.00

    Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

  • CVE-2007-0394 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

  • CVE-2007-0395 · Jan 19, 2007
    risk 0.03 cvss epss 0.03

    PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

  • CVE-2007-0396 · Jan 19, 2007
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.

  • CVE-2007-0019 · Jan 19, 2007
    risk 0.03 cvss epss 0.04

    Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via…

  • CVE-2007-0366 · Jan 19, 2007
    risk 0.00 cvss epss 0.00

    Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.

  • CVE-2007-0367 · Jan 19, 2007
    risk 0.00 cvss epss 0.00

    Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.

  • CVE-2007-0364 · Jan 19, 2007
    risk 0.03 cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name,…

  • CVE-2007-0365 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.

  • CVE-2006-6942 · Jan 19, 2007
    risk 0.03 cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the…

  • CVE-2006-6943 · Jan 19, 2007
    risk 0.03 cvss epss 0.04

    PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array…

  • CVE-2006-6944 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

  • CVE-2006-5963 · Jan 19, 2007
    risk 0.00 cvss epss 0.02

    Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.

  • CVE-2006-5964 · Jan 19, 2007
    risk 0.00 cvss epss 0.02

    choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users and user-assisted remote attackers to cause a denial of service (system crash) by right-clicking on a file with a long filename.

  • CVE-2007-0350 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by…

  • CVE-2007-0351 · Jan 19, 2007
    risk 0.00 cvss epss 0.00

    Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or…

  • CVE-2007-0352 · Jan 19, 2007
    risk 0.06 cvss epss 0.36

    Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.

  • CVE-2007-0353 · Jan 19, 2007
    risk 0.03 cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.

  • CVE-2007-0354 · Jan 19, 2007
    risk 0.03 cvss epss 0.02

    SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-0355 · Jan 19, 2007
    risk 0.04 cvss epss 0.07

    Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list…

  • CVE-2007-0356 · Jan 19, 2007
    risk 0.04 cvss epss 0.17

    The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.

  • CVE-2007-0357 · Jan 19, 2007
    risk 0.03 cvss epss 0.03

    Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.

  • CVE-2007-0358 · Jan 19, 2007
    risk 0.00 cvss epss 0.03

    Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.

  • CVE-2007-0359 · Jan 19, 2007
    risk 0.03 cvss epss 0.03

    PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.

  • CVE-2007-0360 · Jan 19, 2007
    risk 0.03 cvss epss 0.03

    PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

  • CVE-2007-0361 · Jan 19, 2007
    risk 0.03 cvss epss 0.02

    PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.

  • CVE-2007-0362 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.

  • CVE-2007-0363 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2006-6941 · Jan 19, 2007
    risk 0.03 cvss epss 0.02

    index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.

  • CVE-2007-0349 · Jan 19, 2007
    risk 0.00 cvss epss 0.01

    Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.

  • CVE-2006-6489 · Jan 18, 2007
    risk 0.00 cvss epss 0.02

    The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets.

  • CVE-2007-0329 · Jan 18, 2007
    risk 0.03 cvss epss 0.03

    download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.

  • CVE-2007-0330 · Jan 18, 2007
    risk 0.00 cvss epss 0.03

    Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.

  • CVE-2007-0331 · Jan 18, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.