VYPR

CVEs

344,488 total · page 6448 of 6,890

  • CVE-2006-5876Jan 16, 2007
    risk 0.00cvss epss 0.03

    The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.

  • CVE-2006-6487Jan 16, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.

  • CVE-2006-6767HigJan 16, 2007
    risk 0.52cvss 7.5epss 0.07

    oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.

  • CVE-2007-0235Jan 16, 2007
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which…

  • CVE-2007-0236Jan 16, 2007
    risk 0.05cvss epss 0.21

    Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer…

  • CVE-2007-0247Jan 16, 2007
    risk 0.05cvss epss 0.19

    squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.

  • CVE-2007-0248Jan 16, 2007
    risk 0.01cvss epss 0.07

    The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.

  • CVE-2006-6922Jan 13, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2006-6923Jan 13, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.

  • CVE-2006-6924Jan 13, 2007
    risk 0.03cvss epss 0.03

    bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the…

  • CVE-2006-6925Jan 13, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog…

  • CVE-2006-6926Jan 13, 2007
    risk 0.00cvss epss 0.01

    Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2006-6927Jan 13, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter…

  • CVE-2006-6928Jan 13, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) the Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to…

  • CVE-2006-6929Jan 13, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to…

  • CVE-2006-6930Jan 13, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-0223Jan 13, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.

  • CVE-2007-0224Jan 13, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.

  • CVE-2007-0225Jan 13, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

  • CVE-2007-0226Jan 13, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).

  • CVE-2007-0227Jan 13, 2007
    risk 0.00cvss epss 0.02

    slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.

  • CVE-2007-0228Jan 13, 2007
    risk 0.04cvss epss 0.07

    The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9)…

  • CVE-2007-0229Jan 13, 2007
    risk 0.03cvss epss 0.01

    Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer…

  • CVE-2007-0230Jan 13, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use

  • CVE-2007-0231Jan 13, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.

  • CVE-2007-0232Jan 13, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.

  • CVE-2007-0233Jan 13, 2007
    risk 0.04cvss epss 0.11

    wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id…

  • CVE-2006-6921Jan 12, 2007
    risk 0.00cvss epss 0.00

    Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.

  • CVE-2007-0182Jan 12, 2007
    risk 0.03cvss epss 0.05

    Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php,…

  • CVE-2007-0183Jan 12, 2007
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2007-0184Jan 12, 2007
    risk 0.00cvss epss 0.01

    Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

  • CVE-2007-0185Jan 12, 2007
    risk 0.00cvss epss 0.01

    Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

  • CVE-2007-0186Jan 12, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per…

  • CVE-2007-0187Jan 12, 2007
    risk 0.00cvss epss 0.04

    F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain…

  • CVE-2007-0188Jan 12, 2007
    risk 0.00cvss epss 0.01

    F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and…

  • CVE-2007-0189Jan 12, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value

  • CVE-2007-0190Jan 12, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

  • CVE-2007-0191Jan 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.

  • CVE-2007-0192Jan 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka…

  • CVE-2007-0193Jan 12, 2007
    risk 0.00cvss epss 0.01

    FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.

  • CVE-2007-0194Jan 12, 2007
    risk 0.00cvss epss 0.01

    admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.

  • CVE-2007-0195Jan 12, 2007
    risk 0.00cvss epss 0.01

    my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

  • CVE-2007-0206Jan 12, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.

  • CVE-2006-6918Jan 11, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.

  • CVE-2006-6919Jan 11, 2007
    risk 0.03cvss epss 0.02

    Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.

  • CVE-2006-6920Jan 11, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.

  • CVE-2007-0168Jan 11, 2007
    risk 0.05cvss epss 0.20

    The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is…

  • CVE-2007-0169Jan 11, 2007
    risk 0.09cvss epss 0.69

    Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2)…

  • CVE-2007-0205Jan 11, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by…

  • CVE-2007-0166Jan 11, 2007
    risk 0.00cvss epss 0.00

    The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the…