VYPR

CVEs

344,090 total · page 6449 of 6,882

  • CVE-2006-6688Dec 21, 2006
    risk 0.00cvss epss 0.01

    Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2006-6689Dec 21, 2006
    risk 0.00cvss epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739. NOTE: The provenance of this…

  • CVE-2006-6690Dec 21, 2006
    risk 0.03cvss epss 0.06

    rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to…

  • CVE-2006-6691Dec 21, 2006
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3)…

  • CVE-2006-6692Dec 21, 2006
    risk 0.04cvss epss 0.08

    Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2)…

  • CVE-2006-6693Dec 21, 2006
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.

  • CVE-2006-6694Dec 21, 2006
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via…

  • CVE-2006-6695Dec 21, 2006
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. NOTE: The provenance of this information is unknown; the details are obtained…

  • CVE-2006-6104Dec 21, 2006
    risk 0.03cvss epss 0.05

    The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

  • CVE-2006-6679HigDec 21, 2006
    risk 0.49cvss 7.5epss 0.02

    Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.

  • CVE-2006-6680Dec 21, 2006
    risk 0.00cvss epss 0.00

    Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.

  • CVE-2006-6681Dec 21, 2006
    risk 0.00cvss epss 0.01

    Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.

  • CVE-2006-6682Dec 21, 2006
    risk 0.00cvss epss 0.02

    Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.

  • CVE-2006-6683Dec 21, 2006
    risk 0.00cvss epss 0.01

    Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.

  • CVE-2006-6684Dec 21, 2006
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the…

  • CVE-2006-6685Dec 21, 2006
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. NOTE: The provenance of this information is unknown; the details…

  • CVE-2006-6671Dec 21, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2006-6672Dec 21, 2006
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details…

  • CVE-2006-6673Dec 21, 2006
    risk 0.03cvss epss 0.03

    WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands.

  • CVE-2006-6674Dec 21, 2006
    risk 0.00cvss epss 0.00

    Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.

  • CVE-2006-6675Dec 21, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.

  • CVE-2006-6676Dec 21, 2006
    risk 0.00cvss epss 0.06

    Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.

  • CVE-2006-6677Dec 21, 2006
    risk 0.00cvss epss 0.02

    ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error.

  • CVE-2006-6678Dec 21, 2006
    risk 0.00cvss epss 0.02

    The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

  • CVE-2006-6660Dec 20, 2006
    risk 0.03cvss epss 0.02

    The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.

  • CVE-2006-6661Dec 20, 2006
    risk 0.04cvss epss 0.06

    Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3)…

  • CVE-2006-6662Dec 20, 2006
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.

  • CVE-2006-6663Dec 20, 2006
    risk 0.00cvss epss 0.02

    The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games."

  • CVE-2006-6664Dec 20, 2006
    risk 0.00cvss epss 0.03

    Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. …

  • CVE-2006-6665Dec 20, 2006
    risk 0.05cvss epss 0.29

    Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file.

  • CVE-2006-6666Dec 20, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter.

  • CVE-2006-6667Dec 20, 2006
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are…

  • CVE-2006-6668Dec 20, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2006-6669Dec 20, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.

  • CVE-2006-6670Dec 20, 2006
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.

  • CVE-2006-4814Dec 20, 2006
    risk 0.00cvss epss 0.01

    The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

  • CVE-2006-5681Dec 20, 2006
    risk 0.00cvss epss 0.02

    QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.

  • CVE-2006-6475Dec 20, 2006
    risk 0.00cvss epss 0.02

    FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception.

  • CVE-2006-6476Dec 20, 2006
    risk 0.00cvss epss 0.00

    FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of…

  • CVE-2006-6477Dec 20, 2006
    risk 0.00cvss epss 0.00

    FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM)…

  • CVE-2006-6642Dec 20, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2006-6643Dec 20, 2006
    risk 0.03cvss epss 0.03

    Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments.

  • CVE-2006-6644Dec 20, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

  • CVE-2006-6645Dec 20, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

  • CVE-2006-6646Dec 20, 2006
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the…

  • CVE-2006-6647Dec 20, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party…

  • CVE-2006-6648Dec 20, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter.

  • CVE-2006-6649Dec 20, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the…

  • CVE-2006-6650Dec 20, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

  • CVE-2006-6651Dec 20, 2006
    risk 0.03cvss epss 0.03

    Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party information.