VYPR

CVEs

11,223 total · page 223 of 225

  • CVE-2009-2494CriAug 12, 2009
    risk 0.67cvss 9.8epss 0.42

    The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant…

  • CVE-2009-2422CriJul 10, 2009
    risk 0.64cvss 9.8epss 0.03

    The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers…

  • CVE-2009-2382CriJul 8, 2009
    risk 0.67cvss 9.8epss 0.06

    admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

  • CVE-2009-2367CriJul 8, 2009
    risk 0.69cvss 9.8epss 0.23

    cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

  • CVE-2009-2168CriJun 22, 2009
    risk 0.68cvss 9.8epss 0.12

    cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.

  • CVE-2009-1936CriJun 5, 2009
    risk 0.70cvss 9.8epss 0.42

    _functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP…

  • CVE-2009-1151CriKEVMar 26, 2009
    risk 0.86cvss 9.8epss 0.95

    Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

  • CVE-2008-4835CriJan 14, 2009
    risk 0.67cvss 9.8epss 0.45

    SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request,…

  • CVE-2004-2761CriJan 5, 2009
    risk 0.67cvss 9.8epss 0.10

    The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

  • CVE-2008-5784CriDec 31, 2008
    risk 0.67cvss 9.8epss 0.07

    V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

  • CVE-2008-3465CriDec 10, 2008
    risk 0.65cvss 9.8epss 0.14

    Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed…

  • CVE-2008-5038CriNov 12, 2008
    risk 0.64cvss 9.8epss 0.06

    Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension…

  • CVE-2008-4250CriKEVOct 23, 2008
    risk 0.87cvss 9.8epss 0.99

    The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as…

  • CVE-2008-3612CriSep 11, 2008
    risk 0.64cvss 9.8epss 0.04

    The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

  • CVE-2008-2433CriAug 27, 2008
    risk 0.65cvss 9.8epss 0.11

    The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via…

  • CVE-2008-3738CriAug 27, 2008
    risk 0.59cvss 9.1epss 0.01

    Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

  • CVE-2008-2369CriAug 14, 2008
    risk 0.59cvss 9.1epss 0.03

    manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

  • CVE-2008-3604CriAug 12, 2008
    risk 0.67cvss 9.8epss 0.04

    SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

  • CVE-2007-3652CriJul 9, 2008
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.

  • CVE-2008-2374CriJul 7, 2008
    risk 0.64cvss 9.8epss 0.04

    src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a…

  • CVE-2008-2108CriMay 7, 2008
    risk 0.64cvss 9.8epss 0.04

    The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force…

  • CVE-2008-0599CriMay 5, 2008
    risk 0.65cvss 9.8epss 0.11

    The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

  • CVE-2008-0961CriApr 14, 2008
    risk 0.64cvss 9.8epss 0.05

    EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.

  • CVE-2008-1511CriMar 25, 2008
    risk 0.67cvss 9.8epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is…

  • CVE-2008-1160CriMar 25, 2008
    risk 0.68cvss 9.8epss 0.15

    ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

  • CVE-2008-0062CriMar 19, 2008
    risk 0.65cvss 9.8epss 0.10

    KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

  • CVE-2008-0174CriJan 29, 2008
    risk 0.64cvss 9.8epss 0.02

    GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.

  • CVE-2008-0081CriJan 16, 2008
    risk 0.71cvss 9.8epss 0.58

    Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

  • CVE-2007-6013CriNov 19, 2007
    risk 0.57cvss 9.8epss 0.03

    Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

  • CVE-2007-5775CriNov 1, 2007
    risk 0.69cvss 9.8epss 0.27

    Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher,…

  • CVE-2007-5565CriOct 18, 2007
    risk 0.64cvss 9.8epss 0.01

    PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not…

  • CVE-2007-5097CriSep 26, 2007
    risk 0.64cvss 9.8epss 0.01

    PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter. NOTE: this issue is disputed by CVE because a __FILE__ test protects…

  • CVE-2007-3010CriKEVSep 18, 2007
    risk 0.86cvss 9.8epss 0.97

    masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

  • CVE-2007-4559CriAug 28, 2007
    risk 0.66cvss 9.8epss 0.27

    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

  • CVE-2007-4290CriAug 9, 2007
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php,…

  • CVE-2007-4043CriJul 27, 2007
    risk 0.64cvss 9.8epss 0.02

    file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary…

  • CVE-2007-4039CriJul 27, 2007
    risk 0.64cvss 9.8epss 0.02

    Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when…

  • CVE-2007-3798CriJul 16, 2007
    risk 0.72cvss 9.8epss 0.70

    Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

  • CVE-2007-3194CriJun 12, 2007
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6)…

  • CVE-2007-2534CriMay 9, 2007
    risk 0.64cvss 9.8epss 0.01

    Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are…

  • CVE-2007-2422CriMay 2, 2007
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability…

  • CVE-2007-2020CriApr 12, 2007
    risk 0.64cvss 9.8epss 0.03

    Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion

  • CVE-2007-1966CriApr 11, 2007
    risk 0.59cvss 9.1epss 0.01

    Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

  • CVE-2007-1399CriMar 10, 2007
    risk 0.68cvss 9.8epss 0.20

    Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via…

  • CVE-2007-1383CriMar 10, 2007
    risk 0.68cvss 9.8epss 0.15

    Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.

  • CVE-2006-7105CriMar 3, 2007
    risk 0.64cvss 9.8epss 0.02

    PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably…

  • CVE-2006-7079CriMar 2, 2007
    risk 0.68cvss 9.8epss 0.13

    Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.

  • CVE-2006-6975CriFeb 8, 2007
    risk 0.64cvss 9.8epss 0.03

    PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a…

  • CVE-2007-0681CriFeb 3, 2007
    risk 0.67cvss 9.8epss 0.05

    profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.

  • CVE-2006-6863CriDec 31, 2006
    risk 0.68cvss 9.8epss 0.13

    PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value