VYPR

CVEs

345,178 total · page 6176 of 6,904

  • CVE-2009-0148May 5, 2009
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for…

  • CVE-2008-4828May 5, 2009
    risk 0.09cvss epss 0.71

    Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through…

  • CVE-2009-1519May 4, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.

  • CVE-2009-1518May 4, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-6791May 4, 2009
    risk 0.04cvss epss 0.07

    PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.

  • CVE-2008-6790May 4, 2009
    risk 0.03cvss epss 0.02

    The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.

  • CVE-2008-6789May 4, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.

  • CVE-2008-6788May 4, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.

  • CVE-2009-1517May 4, 2009
    risk 0.04cvss epss 0.07

    Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via…

  • CVE-2009-1516May 4, 2009
    risk 0.03cvss epss 0.03

    Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly…

  • CVE-2009-1515May 4, 2009
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are…

  • CVE-2009-1514May 4, 2009
    risk 0.03cvss epss 0.03

    Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.

  • CVE-2009-1513May 4, 2009
    risk 0.00cvss epss 0.04

    Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.

  • CVE-2009-1512May 1, 2009
    risk 0.03cvss epss 0.04

    Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.

  • CVE-2009-1511May 1, 2009
    risk 0.04cvss epss 0.14

    GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value.

  • CVE-2009-1510May 1, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter to (1) ki_makepic.php and (2) ki_nojsdisplayimage.php in ki_base/.

  • CVE-2009-1509May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

  • CVE-2009-1508May 1, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.

  • CVE-2008-6787May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user.

  • CVE-2008-6786May 1, 2009
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (1) handle_edit and (2) handle_raw functions.

  • CVE-2008-6785May 1, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php…

  • CVE-2009-1507May 1, 2009
    risk 0.00cvss epss 0.01

    The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or…

  • CVE-2009-1506May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.

  • CVE-2009-1505May 1, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

  • CVE-2009-1504May 1, 2009
    risk 0.03cvss epss 0.02

    Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."

  • CVE-2009-1503May 1, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

  • CVE-2009-1502May 1, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

  • CVE-2009-1501May 1, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.

  • CVE-2009-1500May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.

  • CVE-2009-1365May 1, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server…

  • CVE-2009-1364May 1, 2009
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

  • CVE-2008-6784May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

  • CVE-2008-6783May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

  • CVE-2008-6782May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

  • CVE-2008-6781May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

  • CVE-2008-6780May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

  • CVE-2008-6779May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.

  • CVE-2008-6778May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2008-6777May 1, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote…

  • CVE-2008-6776May 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.

  • CVE-2009-1499May 1, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.

  • CVE-2009-1498May 1, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter in a settings action to profile.php.

  • CVE-2009-1497May 1, 2009
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.

  • CVE-2009-1496May 1, 2009
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.

  • CVE-2009-1495May 1, 2009
    risk 0.03cvss epss 0.02

    Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.

  • CVE-2008-6775May 1, 2009
    risk 0.03cvss epss 0.03

    HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204.

  • CVE-2009-1313Apr 30, 2009
    risk 0.04cvss epss 0.08

    The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly…

  • CVE-2009-1494Apr 30, 2009
    risk 0.00cvss epss 0.01

    The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.

  • CVE-2009-1493Apr 30, 2009
    risk 0.05cvss epss 0.22

    The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with…

  • CVE-2009-1492Apr 30, 2009
    risk 0.05cvss epss 0.26

    The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry…