VYPR

CVEs

345,196 total · page 6167 of 6,904

  • CVE-2009-1694Jun 10, 2009
    risk 0.00cvss epss 0.03

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection,…

  • CVE-2009-1693Jun 10, 2009
    risk 0.00cvss epss 0.03

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

  • CVE-2009-1691Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for…

  • CVE-2009-1690Jun 10, 2009
    risk 0.01cvss epss 0.07

    Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2009-1689Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank…

  • CVE-2009-1688Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through…

  • CVE-2009-1687Jun 10, 2009
    risk 0.01cvss epss 0.08

    The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2009-1686Jun 10, 2009
    risk 0.01cvss epss 0.08

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute…

  • CVE-2009-1685Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an…

  • CVE-2009-1684Jun 10, 2009
    risk 0.04cvss epss 0.09

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the…

  • CVE-2009-1682Jun 10, 2009
    risk 0.00cvss epss 0.01

    Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

  • CVE-2009-1681Jun 10, 2009
    risk 0.00cvss epss 0.03

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking"…

  • CVE-2009-1535Jun 10, 2009
    risk 0.11cvss epss 0.98

    The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as…

  • CVE-2009-1296Jun 9, 2009
    risk 0.00cvss epss 0.00

    The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.

  • CVE-2008-2475Jun 9, 2009
    risk 0.00cvss epss 0.04

    eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.

  • CVE-2009-2025Jun 9, 2009
    risk 0.03cvss epss 0.03

    admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

  • CVE-2009-2024Jun 9, 2009
    risk 0.03cvss epss 0.02

    Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.

  • CVE-2009-2023Jun 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.

  • CVE-2009-2022Jun 9, 2009
    risk 0.03cvss epss 0.05

    fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.

  • CVE-2009-2021Jun 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.

  • CVE-2009-2020Jun 9, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.

  • CVE-2009-2019Jun 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter.

  • CVE-2009-2018Jun 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter.

  • CVE-2009-2017Jun 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2009-2016Jun 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2009-2015Jun 9, 2009
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

  • CVE-2009-2014Jun 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.

  • CVE-2009-2013Jun 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.

  • CVE-2009-2012Jun 9, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors.

  • CVE-2009-1196Jun 9, 2009
    risk 0.00cvss epss 0.03

    The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."

  • CVE-2009-0949HigJun 9, 2009
    risk 0.53cvss 7.5epss 0.20

    The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive…

  • CVE-2009-0791Jun 9, 2009
    risk 0.00cvss epss 0.06

    Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted…

  • CVE-2009-2010Jun 8, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to…

  • CVE-2009-2009Jun 8, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.

  • CVE-2009-2008Jun 8, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than…

  • CVE-2009-2007Jun 8, 2009
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read…

  • CVE-2009-2006Jun 8, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal…

  • CVE-2009-2005Jun 8, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

  • CVE-2009-2004Jun 8, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.

  • CVE-2009-2003Jun 8, 2009
    risk 0.03cvss epss 0.03

    Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."

  • CVE-2008-6832Jun 8, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2008-6831Jun 8, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated…

  • CVE-2008-6830Jun 8, 2009
    risk 0.00cvss epss 0.02

    The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the…

  • CVE-2008-6829Jun 8, 2009
    risk 0.06cvss epss 0.38

    VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.

  • CVE-2008-6828HigJun 8, 2009
    risk 0.51cvss 7.8epss 0.00

    Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.

  • CVE-2008-6827HigJun 8, 2009
    risk 0.51cvss 7.8epss 0.01

    The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite…

  • CVE-2008-6826Jun 8, 2009
    risk 0.03cvss epss 0.05

    dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.

  • CVE-2009-1962Jun 8, 2009
    risk 0.00cvss epss 0.00

    Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9)…

  • CVE-2009-1961MedJun 8, 2009
    risk 0.34cvss 4.7epss 0.01

    The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal)…

  • CVE-2009-1960Jun 8, 2009
    risk 0.05cvss epss 0.23

    inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also…