VYPR

CVEs

100,075 total · page 1999 of 2,002

  • CVE-2007-5927HigNov 10, 2007
    risk 0.53cvss 8.1epss 0.04

    Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using…

  • CVE-2007-5778HigNov 1, 2007
    risk 0.49cvss 7.5epss 0.01

    Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.

  • CVE-2007-5544HigOct 29, 2007
    risk 0.51cvss 7.8epss 0.00

    IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus…

  • CVE-2007-4988HigSep 24, 2007
    risk 0.51cvss 7.8epss 0.03

    Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

  • CVE-2007-4961HigSep 18, 2007
    risk 0.49cvss 7.5epss 0.01

    The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the…

  • CVE-2007-4150HigAug 3, 2007
    risk 0.49cvss 7.5epss 0.01

    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file,…

  • CVE-2007-4103HigJul 31, 2007
    risk 0.49cvss 7.5epss 0.06

    The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood…

  • CVE-2007-4040HigJul 27, 2007
    risk 0.58cvss 8.8epss 0.13

    Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are…

  • CVE-2006-7221HigJul 25, 2007
    risk 0.49cvss 7.5epss 0.01

    Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.

  • CVE-2007-3967HigJul 25, 2007
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter.

  • CVE-2007-3268HigJul 18, 2007
    risk 0.49cvss 7.5epss 0.02

    The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a…

  • CVE-2007-3816HigJul 17, 2007
    risk 0.49cvss 7.5epss 0.02

    JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no…

  • CVE-2007-3409HigJun 26, 2007
    risk 0.49cvss 7.5epss 0.03

    Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

  • CVE-2007-3365HigJun 22, 2007
    risk 0.52cvss 7.5epss 0.06

    MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.

  • CVE-2006-7142HigMar 7, 2007
    risk 0.51cvss 7.8epss 0.00

    The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.

  • CVE-2007-1285HigMar 6, 2007
    risk 0.53cvss 7.5epss 0.18

    The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

  • CVE-2007-0897HigFeb 16, 2007
    risk 0.49cvss 7.5epss 0.03

    Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a…

  • CVE-2007-0671HigKEVFeb 3, 2007
    risk 0.73cvss 8.8epss 0.42

    Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

  • CVE-2007-0342HigJan 18, 2007
    risk 0.52cvss 7.5epss 0.02

    WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different…

  • CVE-2007-0257HigJan 16, 2007
    risk 0.54cvss 7.8epss 0.01

    Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function,…

  • CVE-2006-6767HigJan 16, 2007
    risk 0.52cvss 7.5epss 0.07

    oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.

  • CVE-2006-6679HigDec 21, 2006
    risk 0.49cvss 7.5epss 0.02

    Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.

  • CVE-2006-6165HigNov 29, 2006
    risk 0.51cvss 7.8epss 0.00

    ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party,…

  • CVE-2006-6025HigNov 21, 2006
    risk 0.49cvss 7.5epss 0.01

    QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this…

  • CVE-2006-5779HigNov 7, 2006
    risk 0.55cvss 7.5epss 0.75

    OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

  • CVE-2006-5738HigNov 6, 2006
    risk 0.47cvss 7.2epss 0.01

    Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2006-5708HigNov 4, 2006
    risk 0.49cvss 7.5epss 0.01

    Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.

  • CVE-2006-4574HigOct 28, 2006
    risk 0.49cvss 7.5epss 0.04

    Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

  • CVE-2006-4997HigOct 10, 2006
    risk 0.49cvss 7.5epss 0.05

    The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).

  • CVE-2006-5158HigOct 5, 2006
    risk 0.49cvss 7.5epss 0.03

    The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

  • CVE-2006-5160HigOct 5, 2006
    risk 0.53cvss 8.1epss 0.02

    Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no…

  • CVE-2006-5051HigSep 27, 2006
    risk 0.49cvss 8.1epss 0.45

    Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

  • CVE-2006-5014HigSep 27, 2006
    risk 0.61cvss 8.8epss 0.04

    Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.

  • CVE-2006-4663HigSep 9, 2006
    risk 0.51cvss 7.8epss 0.00

    The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel…

  • CVE-2006-4095HigSep 6, 2006
    risk 0.50cvss 7.5epss 0.13

    BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

  • CVE-2006-4434HigAug 29, 2006
    risk 0.49cvss 7.5epss 0.04

    Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying…

  • CVE-2006-3730HigJul 21, 2006
    risk 0.65cvss 8.8epss 0.64

    Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory…

  • CVE-2006-2916HigJun 15, 2006
    risk 0.51cvss 7.8epss 0.00

    artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

  • CVE-2006-2492HigKEVMay 20, 2006
    risk 0.73cvss 8.8epss 0.48

    Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a…

  • CVE-2006-2362HigMay 15, 2006
    risk 0.51cvss 7.3epss 0.12

    Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted…

  • CVE-2006-2275HigMay 9, 2006
    risk 0.49cvss 7.5epss 0.03

    Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."

  • CVE-2006-1547HigKEVMar 30, 2006
    risk 0.65cvss 7.5epss 0.55

    ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides…

  • CVE-2006-1364HigMar 23, 2006
    risk 0.56cvss 7.5epss 0.59

    Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several…

  • CVE-2006-1078HigMar 9, 2006
    risk 0.55cvss 8.4epss 0.01

    Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a…

  • CVE-2005-4860HigDec 31, 2005
    risk 0.51cvss 7.8epss 0.00

    Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.

  • CVE-2005-4868HigDec 31, 2005
    risk 0.49cvss 7.1epss 0.01

    Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

  • CVE-2005-3803HigNov 24, 2005
    risk 0.49cvss 7.5epss 0.02

    Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

  • CVE-2005-3716HigNov 21, 2005
    risk 0.49cvss 7.5epss 0.02

    The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information.

  • CVE-2005-3302HigOct 24, 2005
    risk 0.51cvss 7.3epss 0.04

    Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

  • CVE-2005-3140HigOct 5, 2005
    risk 0.49cvss 7.5epss 0.02

    Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.