VYPR

CVEs

11,223 total · page 224 of 225

  • CVE-2006-6024CriNov 21, 2006
    risk 0.64cvss 9.8epss 0.01

    Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these…

  • CVE-2006-5678CriNov 3, 2006
    risk 0.64cvss 9.8epss 0.02

    PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the…

  • CVE-2006-5610CriOct 31, 2006
    risk 0.64cvss 9.8epss 0.01

    PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2006-5603CriOct 30, 2006
    risk 0.67cvss 9.8epss 0.01

    SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

  • CVE-2006-5021CriSep 27, 2006
    risk 0.67cvss 9.8epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE:…

  • CVE-2006-5024CriSep 27, 2006
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors.

  • CVE-2006-4428CriAug 29, 2006
    risk 0.67cvss 9.8epss 0.04

    PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced…

  • CVE-2006-4264CriAug 21, 2006
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. …

  • CVE-2006-3136CriJun 22, 2006
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4)…

  • CVE-2006-2827CriJun 5, 2006
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in…

  • CVE-2005-3435CriNov 2, 2005
    risk 0.64cvss 9.8epss 0.02

    admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.

  • CVE-2005-3120CriOct 17, 2005
    risk 0.69cvss 9.8epss 0.23

    Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

  • CVE-2005-2773CriKEVSep 2, 2005
    risk 0.85cvss 9.8epss 0.74

    HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

  • CVE-2005-2103CriAug 16, 2005
    risk 0.68cvss 9.8epss 0.16

    Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.

  • CVE-2005-1689CriJul 18, 2005
    risk 0.65cvss 9.8epss 0.11

    Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

  • CVE-2005-1744CriMay 24, 2005
    risk 0.64cvss 9.8epss 0.02

    BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security…

  • CVE-2005-1513CriMay 11, 2005
    risk 0.65cvss 9.8epss 0.11

    Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.

  • CVE-2005-0269CriMay 2, 2005
    risk 0.64cvss 9.8epss 0.03

    The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.

  • CVE-2005-0199CriMay 2, 2005
    risk 0.68cvss 9.8epss 0.19

    Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a…

  • CVE-2005-1141CriApr 15, 2005
    risk 0.64cvss 9.8epss 0.03

    Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.

  • CVE-2005-0496CriFeb 21, 2005
    risk 0.64cvss 9.8epss 0.03

    Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.

  • CVE-2005-0408CriFeb 14, 2005
    risk 0.67cvss 9.8epss 0.05

    CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which…

  • CVE-2005-0102CriJan 24, 2005
    risk 0.64cvss 9.8epss 0.03

    Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

  • CVE-2004-2154CriDec 31, 2004
    risk 0.64cvss 9.8epss 0.02

    CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

  • CVE-2004-2214CriDec 31, 2004
    risk 0.64cvss 9.8epss 0.03

    Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.

  • CVE-2004-0285CriNov 23, 2004
    risk 0.67cvss 9.8epss 0.08

    PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.

  • CVE-2004-0847CriNov 3, 2004
    risk 0.73cvss 9.8epss 0.76

    The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

  • CVE-2004-0772CriOct 20, 2004
    risk 0.64cvss 9.8epss 0.07

    Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

  • CVE-2004-1363CriAug 4, 2004
    risk 0.64cvss 9.8epss 0.09

    Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

  • CVE-2004-2061CriJul 27, 2004
    risk 0.67cvss 9.8epss 0.06

    RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

  • CVE-2004-0434CriJul 7, 2004
    risk 0.64cvss 9.8epss 0.07

    k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.

  • CVE-2004-0005CriMar 3, 2004
    risk 0.65cvss 9.8epss 0.11

    Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer…

  • CVE-2004-0030CriJan 20, 2004
    risk 0.67cvss 9.8epss 0.07

    PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server…

  • CVE-2003-1233CriDec 31, 2003
    risk 0.64cvss 9.8epss 0.02

    Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or…

  • CVE-2003-0545CriNov 17, 2003
    risk 0.71cvss 9.8epss 0.85

    Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

  • CVE-2003-0899CriNov 3, 2003
    risk 0.68cvss 9.8epss 0.22

    Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.

  • CVE-2003-0791CriOct 7, 2003
    risk 0.64cvss 9.8epss 0.02

    The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

  • CVE-2003-0466CriAug 27, 2003
    risk 0.73cvss 9.8epss 0.78

    Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,…

  • CVE-2003-0252CriAug 18, 2003
    risk 0.65cvss 9.8epss 0.16

    Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

  • CVE-2003-0356CriJun 9, 2003
    risk 0.64cvss 9.8epss 0.10

    Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and…

  • CVE-2003-0174CriMay 12, 2003
    risk 0.64cvss 9.8epss 0.01

    The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

  • CVE-2002-1484CriApr 22, 2003
    risk 0.68cvss 9.8epss 0.14

    DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in…

  • CVE-2002-1798CriDec 31, 2002
    risk 0.63cvss 9.1epss 0.05

    MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.

  • CVE-2002-1816CriDec 31, 2002
    risk 0.67cvss 9.8epss 0.09

    Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

  • CVE-2002-2119CriDec 31, 2002
    risk 0.64cvss 9.8epss 0.03

    Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.

  • CVE-2002-1820CriDec 31, 2002
    risk 0.64cvss 9.8epss 0.02

    register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."

  • CVE-2002-1347CriDec 18, 2002
    risk 0.64cvss 9.8epss 0.07

    Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication…

  • CVE-2002-0391CriAug 12, 2002
    risk 0.68cvss 9.8epss 0.58

    Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as…

  • CVE-2002-0671CriJul 23, 2002
    risk 0.64cvss 9.8epss 0.01

    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

  • CVE-2002-0639CriJul 3, 2002
    risk 0.65cvss 9.8epss 0.18

    Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.