VYPR

CVEs

345,196 total · page 6169 of 6,904

  • CVE-2008-6822Jun 4, 2009
    risk 0.03cvss epss 0.04

    Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file…

  • CVE-2009-1906Jun 3, 2009
    risk 0.00cvss epss 0.02

    The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by…

  • CVE-2009-1905Jun 3, 2009
    risk 0.00cvss epss 0.02

    The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via…

  • CVE-2008-6821Jun 3, 2009
    risk 0.00cvss epss 0.04

    Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.

  • CVE-2008-6820Jun 3, 2009
    risk 0.00cvss epss 0.02

    The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.

  • CVE-2008-2154Jun 3, 2009
    risk 0.00cvss epss 0.01

    IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.

  • CVE-2009-1903Jun 3, 2009
    risk 0.00cvss epss 0.03

    The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

  • CVE-2009-1902Jun 3, 2009
    risk 0.04cvss epss 0.14

    The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.

  • CVE-2009-1901Jun 3, 2009
    risk 0.00cvss epss 0.02

    The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.

  • CVE-2009-1900Jun 3, 2009
    risk 0.00cvss epss 0.02

    The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the…

  • CVE-2009-1899Jun 3, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain…

  • CVE-2009-1898Jun 3, 2009
    risk 0.00cvss epss 0.01

    The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by…

  • CVE-2009-0899Jun 3, 2009
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager…

  • CVE-2009-0896Jun 3, 2009
    risk 0.01cvss epss 0.07

    Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.

  • CVE-2009-0957Jun 2, 2009
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.

  • CVE-2009-0956Jun 2, 2009
    risk 0.00cvss epss 0.05

    Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero.

  • CVE-2009-0955Jun 2, 2009
    risk 0.04cvss epss 0.10

    Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."

  • CVE-2009-0954Jun 2, 2009
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.

  • CVE-2009-0953Jun 2, 2009
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

  • CVE-2009-0952Jun 2, 2009
    risk 0.00cvss epss 0.05

    Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.

  • CVE-2009-0951Jun 2, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.

  • CVE-2009-0950Jun 2, 2009
    risk 0.05cvss epss 0.29

    Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.

  • CVE-2009-0894Jun 2, 2009
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the…

  • CVE-2009-0893Jun 2, 2009
    risk 0.01cvss epss 0.07

    Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video…

  • CVE-2009-0188Jun 2, 2009
    risk 0.00cvss epss 0.05

    Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.

  • CVE-2009-0185Jun 2, 2009
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.

  • CVE-2009-1882Jun 2, 2009
    risk 0.01cvss epss 0.07

    Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of…

  • CVE-2009-1881Jun 2, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521.

  • CVE-2009-1880Jun 2, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521.

  • CVE-2004-2764Jun 2, 2009
    risk 0.00cvss epss 0.02

    Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT…

  • CVE-2004-2763Jun 1, 2009
    risk 0.00cvss epss 0.02

    The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site…

  • CVE-2003-1573Jun 1, 2009
    risk 0.00cvss epss 0.05

    The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and…

  • CVE-2003-1572Jun 1, 2009
    risk 0.00cvss epss 0.02

    Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.

  • CVE-2009-1854Jun 1, 2009
    risk 0.03cvss epss 0.02

    Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.

  • CVE-2009-1853Jun 1, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action.

  • CVE-2009-1852Jun 1, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

  • CVE-2009-1851Jun 1, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2009-1850Jun 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter.

  • CVE-2009-1849Jun 1, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-1848Jun 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php.

  • CVE-2009-1847Jun 1, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter.

  • CVE-2009-1846Jun 1, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php,…

  • CVE-2009-1845Jun 1, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.

  • CVE-2009-1805Jun 1, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x…

  • CVE-2008-6819Jun 1, 2009
    risk 0.00cvss epss 0.01

    win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than…

  • CVE-2009-1844Jun 1, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not…

  • CVE-2009-1843Jun 1, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php;…

  • CVE-2009-1842Jun 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.

  • CVE-2008-6818Jun 1, 2009
    risk 0.00cvss epss 0.01

    Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-6817Jun 1, 2009
    risk 0.00cvss epss 0.01

    Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.