VYPR

CVEs

345,178 total · page 6180 of 6,904

  • CVE-2009-1338Apr 22, 2009
    risk 0.00cvss epss 0.00

    The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in…

  • CVE-2009-1337Apr 22, 2009
    risk 0.03cvss epss 0.01

    The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and…

  • CVE-2009-1336Apr 22, 2009
    risk 0.00cvss epss 0.00

    fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.

  • CVE-2009-1358Apr 21, 2009
    risk 0.00cvss epss 0.04

    apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious…

  • CVE-2008-6742Apr 21, 2009
    risk 0.03cvss epss 0.02

    Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value.

  • CVE-2008-6741Apr 21, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to…

  • CVE-2008-6740Apr 21, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter.

  • CVE-2008-6739Apr 21, 2009
    risk 0.03cvss epss 0.02

    Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.

  • CVE-2008-6738Apr 21, 2009
    risk 0.03cvss epss 0.03

    MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.

  • CVE-2008-6737Apr 21, 2009
    risk 0.03cvss epss 0.03

    Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.

  • CVE-2008-6736Apr 21, 2009
    risk 0.03cvss epss 0.02

    Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the…

  • CVE-2008-6735Apr 21, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.

  • CVE-2008-6734Apr 21, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.

  • CVE-2008-6733Apr 21, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.

  • CVE-2008-6732Apr 21, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."

  • CVE-2006-7238Apr 21, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-1356Apr 21, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.

  • CVE-2009-1355Apr 21, 2009
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.

  • CVE-2009-1354Apr 21, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2009-1353Apr 21, 2009
    risk 0.04cvss epss 0.08

    Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c.

  • CVE-2009-1352Apr 21, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL.

  • CVE-2009-1351Apr 21, 2009
    risk 0.03cvss epss 0.06

    Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.

  • CVE-2009-1350Apr 21, 2009
    risk 0.08cvss epss 0.66

    Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.

  • CVE-2009-1349Apr 21, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.

  • CVE-2009-1266Apr 21, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors.

  • CVE-2009-0718Apr 21, 2009
    risk 0.01cvss epss 0.08

    Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2009-0717Apr 21, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors.

  • CVE-2009-0716Apr 21, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors.

  • CVE-2009-0715Apr 21, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors.

  • CVE-2009-1347Apr 20, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).

  • CVE-2009-1346Apr 20, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.

  • CVE-2009-1345Apr 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

  • CVE-2009-1344Apr 20, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.

  • CVE-2009-1343Apr 20, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.

  • CVE-2009-1342Apr 20, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.

  • CVE-2008-6731Apr 20, 2009
    risk 0.03cvss epss 0.06

    Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.

  • CVE-2008-6730Apr 20, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka…

  • CVE-2008-6729Apr 20, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

  • CVE-2008-6728Apr 20, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.

  • CVE-2008-6727Apr 20, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

  • CVE-2009-1335Apr 17, 2009
    risk 0.04cvss epss 0.15

    Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.

  • CVE-2009-1334Apr 17, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.

  • CVE-2009-1333Apr 17, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body.

  • CVE-2009-1332Apr 17, 2009
    risk 0.00cvss epss 0.02

    The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.

  • CVE-2009-1331Apr 17, 2009
    risk 0.04cvss epss 0.18

    Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid.

  • CVE-2009-1186Apr 17, 2009
    risk 0.00cvss epss 0.01

    Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

  • CVE-2009-1185Apr 17, 2009
    risk 0.10cvss epss 0.82

    udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

  • CVE-2009-0039Apr 17, 2009
    risk 0.00cvss epss 0.11

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration…

  • CVE-2009-0038Apr 17, 2009
    risk 0.00cvss epss 0.18

    Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to…

  • CVE-2008-5518Apr 17, 2009
    risk 0.00cvss epss 0.36

    Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3)…