VYPR

CVEs

345,233 total · page 6146 of 6,905

  • CVE-2008-7017Aug 21, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.

  • CVE-2008-7016Aug 21, 2009
    risk 0.00cvss epss 0.01

    tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.

  • CVE-2009-2925Aug 21, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.

  • CVE-2009-2924Aug 21, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.

  • CVE-2009-2923Aug 21, 2009
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php.

  • CVE-2009-2922Aug 21, 2009
    risk 0.03cvss epss 0.03

    Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.

  • CVE-2009-2921Aug 21, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).

  • CVE-2009-2920Aug 21, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to…

  • CVE-2009-2919Aug 21, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.

  • CVE-2009-2918Aug 21, 2009
    risk 0.03cvss epss 0.01

    The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.

  • CVE-2009-2917Aug 21, 2009
    risk 0.03cvss epss 0.03

    Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file.

  • CVE-2009-2916Aug 21, 2009
    risk 0.00cvss epss 0.03

    Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname.

  • CVE-2009-2915Aug 21, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.

  • CVE-2009-2914Aug 21, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2009-2913Aug 21, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2009-2912Aug 21, 2009
    risk 0.00cvss epss 0.00

    The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.

  • CVE-2009-2732Aug 21, 2009
    risk 0.04cvss epss 0.07

    The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.

  • CVE-2009-2694Aug 21, 2009
    risk 0.05cvss epss 0.20

    The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2009-0638Aug 21, 2009
    risk 0.00cvss epss 0.03

    The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP…

  • CVE-2009-2896Aug 20, 2009
    risk 0.03cvss epss 0.06

    Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.

  • CVE-2009-2895Aug 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2009-2894Aug 20, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.

  • CVE-2009-2893Aug 20, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.

  • CVE-2009-2892Aug 20, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.

  • CVE-2009-2891Aug 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2009-2890Aug 20, 2009
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.

  • CVE-2009-2889Aug 20, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.

  • CVE-2009-2888Aug 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.

  • CVE-2009-2887Aug 20, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.

  • CVE-2009-2886Aug 20, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.

  • CVE-2009-2885Aug 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.

  • CVE-2009-2884Aug 20, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter.

  • CVE-2009-2883Aug 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.

  • CVE-2009-2882Aug 20, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to…

  • CVE-2009-2881Aug 20, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.

  • CVE-2009-2860Aug 19, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

  • CVE-2009-2859Aug 19, 2009
    risk 0.00cvss epss 0.00

    IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

  • CVE-2009-2858Aug 19, 2009
    risk 0.00cvss epss 0.02

    Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.

  • CVE-2009-2857MedAug 19, 2009
    risk 0.36cvss 5.5epss 0.00

    The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and…

  • CVE-2009-2740Aug 19, 2009
    risk 0.00cvss epss 0.02

    kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet.

  • CVE-2009-2627Aug 19, 2009
    risk 0.00cvss epss 0.05

    Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121.

  • CVE-2009-2055MedKEVAug 19, 2009
    risk 0.51cvss 5.9epss 0.03

    Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

  • CVE-2009-1884Aug 19, 2009
    risk 0.00cvss epss 0.03

    Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a…

  • CVE-2009-0682Aug 19, 2009
    risk 0.00cvss epss 0.00

    vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash)…

  • CVE-2008-7015Aug 19, 2009
    risk 0.03cvss epss 0.03

    Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.

  • CVE-2008-7014Aug 19, 2009
    risk 0.03cvss epss 0.03

    fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value.

  • CVE-2008-7013Aug 19, 2009
    risk 0.00cvss epss 0.01

    NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.

  • CVE-2008-7012Aug 19, 2009
    risk 0.04cvss epss 0.07

    courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.

  • CVE-2008-7011Aug 19, 2009
    risk 0.03cvss epss 0.02

    The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which…

  • CVE-2008-7010Aug 19, 2009
    risk 0.03cvss epss 0.04

    Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.