VYPR

CVEs

345,149 total · page 6183 of 6,903

  • CVE-2008-6704Apr 10, 2009
    risk 0.00cvss epss 0.02

    Integer overflow in the NET_Compressor::Decompress function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server crash) via a crafted packet with a 0xc1 value that contains no compressed data, which triggers a…

  • CVE-2008-6703Apr 10, 2009
    risk 0.04cvss epss 0.08

    Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.

  • CVE-2008-6702Apr 10, 2009
    risk 0.03cvss epss 0.03

    S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception.

  • CVE-2008-6701Apr 10, 2009
    risk 0.00cvss epss 0.01

    NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.

  • CVE-2008-6700Apr 10, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4)…

  • CVE-2008-6699Apr 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-6698Apr 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-6697Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6696Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6695Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6694Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6693Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6692Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6691Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6690Apr 10, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors.

  • CVE-2008-6689Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6688Apr 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-6687Apr 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-6686Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6685Apr 10, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.

  • CVE-2008-6684Apr 10, 2009
    risk 0.00cvss epss 0.03

    Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in…

  • CVE-2008-6683Apr 10, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.

  • CVE-2009-1284Apr 9, 2009
    risk 0.04cvss epss 0.12

    Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.

  • CVE-2009-1283Apr 9, 2009
    risk 0.03cvss epss 0.01

    glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a…

  • CVE-2009-1282Apr 9, 2009
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.

  • CVE-2009-1281Apr 9, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-1280Apr 9, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2009-1279Apr 9, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the…

  • CVE-2009-1278Apr 9, 2009
    risk 0.03cvss epss 0.02

    Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.

  • CVE-2009-1277Apr 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.

  • CVE-2009-1276Apr 9, 2009
    risk 0.00cvss epss 0.00

    XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by…

  • CVE-2009-1275Apr 9, 2009
    risk 0.00cvss epss 0.03

    Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified…

  • CVE-2009-1160Apr 9, 2009
    risk 0.00cvss epss 0.01

    Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send…

  • CVE-2009-1159Apr 9, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback…

  • CVE-2009-1158Apr 9, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of…

  • CVE-2009-1157Apr 9, 2009
    risk 0.00cvss epss 0.03

    Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or…

  • CVE-2009-1156Apr 9, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2)…

  • CVE-2009-1155Apr 9, 2009
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to…

  • CVE-2009-1144Apr 9, 2009
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

  • CVE-2009-0793Apr 9, 2009
    risk 0.00cvss epss 0.05

    cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of…

  • CVE-2009-0197Apr 9, 2009
    risk 0.00cvss epss 0.05

    Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.

  • CVE-2008-6682Apr 9, 2009
    risk 0.00cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute…

  • CVE-2008-6681Apr 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

  • CVE-2008-5519Apr 9, 2009
    risk 0.01cvss epss 0.07

    The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length…

  • CVE-2008-2025Apr 9, 2009
    risk 0.01cvss epss 0.08

    Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to…

  • CVE-2007-6726Apr 9, 2009
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

  • CVE-2009-1254Apr 9, 2009
    risk 0.00cvss epss 0.02

    James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.

  • CVE-2009-1253Apr 9, 2009
    risk 0.00cvss epss 0.00

    James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.

  • CVE-2009-1251Apr 9, 2009
    risk 0.01cvss epss 0.06

    Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data…

  • CVE-2009-1250Apr 9, 2009
    risk 0.00cvss epss 0.04

    The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer…