VYPR

CVEs

345,217 total · page 6151 of 6,905

  • CVE-2008-6916Aug 7, 2009
    risk 0.03cvss epss 0.04

    Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.

  • CVE-2008-6915Aug 7, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter.

  • CVE-2008-6914Aug 7, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct…

  • CVE-2008-6913Aug 7, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request…

  • CVE-2008-6912Aug 7, 2009
    risk 0.04cvss epss 0.07

    Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.

  • CVE-2008-6911Aug 6, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to…

  • CVE-2008-6910Aug 6, 2009
    risk 0.00cvss epss 0.01

    Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.

  • CVE-2008-6909Aug 6, 2009
    risk 0.00cvss epss 0.01

    Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and…

  • CVE-2008-6908Aug 6, 2009
    risk 0.00cvss epss 0.01

    Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.

  • CVE-2008-6907Aug 6, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by…

  • CVE-2008-6906Aug 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.

  • CVE-2008-6905Aug 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page.

  • CVE-2009-2194Aug 6, 2009
    risk 0.00cvss epss 0.00

    Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."

  • CVE-2009-2193Aug 6, 2009
    risk 0.01cvss epss 0.09

    Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.

  • CVE-2009-2192Aug 6, 2009
    risk 0.00cvss epss 0.03

    MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."

  • CVE-2009-2191Aug 6, 2009
    risk 0.00cvss epss 0.04

    Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

  • CVE-2009-2190Aug 6, 2009
    risk 0.00cvss epss 0.04

    launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.

  • CVE-2009-2188Aug 6, 2009
    risk 0.01cvss epss 0.08

    Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.

  • CVE-2009-1728Aug 6, 2009
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

  • CVE-2009-1727Aug 6, 2009
    risk 0.00cvss epss 0.03

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe…

  • CVE-2009-1726Aug 6, 2009
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

  • CVE-2009-2625Aug 6, 2009
    risk 0.00cvss epss 0.30

    XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via…

  • CVE-2009-2412Aug 6, 2009
    risk 0.01cvss epss 0.14

    Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger…

  • CVE-2009-1723Aug 6, 2009
    risk 0.00cvss epss 0.01

    CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect…

  • CVE-2009-0151Aug 6, 2009
    risk 0.00cvss epss 0.00

    The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

  • CVE-2008-6904Aug 6, 2009
    risk 0.01cvss epss 0.11

    Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1)…

  • CVE-2008-6903Aug 6, 2009
    risk 0.01cvss epss 0.07

    Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small…

  • CVE-2008-6902Aug 6, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/.

  • CVE-2008-6901Aug 6, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1)…

  • CVE-2008-6900Aug 6, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in…

  • CVE-2008-6899Aug 5, 2009
    risk 0.03cvss epss 0.05

    Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command.

  • CVE-2008-6898Aug 5, 2009
    risk 0.06cvss epss 0.32

    Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.

  • CVE-2008-6897Aug 5, 2009
    risk 0.03cvss epss 0.06

    Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) "a" HTML tag; a long src attribute in (2) embed, (3) img, or (4) script tags; (5) a long…

  • CVE-2009-2688Aug 5, 2009
    risk 0.01cvss epss 0.09

    Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function…

  • CVE-2009-2687Aug 5, 2009
    risk 0.00cvss epss 0.04

    The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

  • CVE-2009-2676Aug 5, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify…

  • CVE-2009-2675Aug 5, 2009
    risk 0.00cvss epss 0.04

    Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR…

  • CVE-2009-2674Aug 5, 2009
    risk 0.01cvss epss 0.06

    Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen,…

  • CVE-2009-2673Aug 5, 2009
    risk 0.00cvss epss 0.05

    The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a…

  • CVE-2009-2672Aug 5, 2009
    risk 0.00cvss epss 0.05

    The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote…

  • CVE-2009-2671Aug 5, 2009
    risk 0.00cvss epss 0.04

    The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application…

  • CVE-2009-2670Aug 5, 2009
    risk 0.00cvss epss 0.03

    The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent…

  • CVE-2009-2669Aug 5, 2009
    risk 0.03cvss epss 0.01

    A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with…

  • CVE-2009-2668Aug 5, 2009
    risk 0.01cvss epss 0.14

    Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232.

  • CVE-2009-2667Aug 5, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."

  • CVE-2009-2579Aug 5, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability…

  • CVE-2009-2665Aug 4, 2009
    risk 0.00cvss epss 0.03

    The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome…

  • CVE-2009-2664Aug 4, 2009
    risk 0.00cvss epss 0.03

    The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a…

  • CVE-2009-2663Aug 4, 2009
    risk 0.00cvss epss 0.03

    libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

  • CVE-2009-2662Aug 4, 2009
    risk 0.00cvss epss 0.05

    The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and…