VYPR

CVEs

345,054 total · page 6185 of 6,902

  • CVE-2008-6587Apr 3, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter.

  • CVE-2008-6586Apr 3, 2009
    risk 0.03cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the…

  • CVE-2008-6585Apr 3, 2009
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.

  • CVE-2008-6584Apr 3, 2009
    risk 0.00cvss epss 0.02

    html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/…

  • CVE-2008-6583Apr 3, 2009
    risk 0.04cvss epss 0.07

    Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file.

  • CVE-2009-1238Apr 2, 2009
    risk 0.03cvss epss 0.01

    Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads,…

  • CVE-2009-1237Apr 2, 2009
    risk 0.03cvss epss 0.01

    Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

  • CVE-2009-1236Apr 2, 2009
    risk 0.04cvss epss 0.08

    Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort…

  • CVE-2009-1235Apr 2, 2009
    risk 0.03cvss epss 0.01

    XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain…

  • CVE-2009-1234Apr 2, 2009
    risk 0.04cvss epss 0.07

    Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.

  • CVE-2009-1233Apr 2, 2009
    risk 0.03cvss epss 0.04

    Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.

  • CVE-2009-1232Apr 2, 2009
    risk 0.03cvss epss 0.05

    Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also…

  • CVE-2009-1231Apr 2, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors.

  • CVE-2009-1230Apr 2, 2009
    risk 0.03cvss epss 0.02

    Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.

  • CVE-2009-1229Apr 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.

  • CVE-2009-1228Apr 2, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).

  • CVE-2009-1227Apr 2, 2009
    risk 0.04cvss epss 0.07

    NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP…

  • CVE-2009-1226Apr 2, 2009
    risk 0.03cvss epss 0.02

    core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.

  • CVE-2009-1225Apr 2, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.

  • CVE-2009-1224Apr 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter.

  • CVE-2009-1223Apr 2, 2009
    risk 0.00cvss epss 0.01

    aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.

  • CVE-2009-1222Apr 2, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.

  • CVE-2008-6582Apr 2, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

  • CVE-2008-6581Apr 2, 2009
    risk 0.03cvss epss 0.03

    login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.

  • CVE-2008-6580Apr 2, 2009
    risk 0.03cvss epss 0.02

    The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.

  • CVE-2003-1571Apr 2, 2009
    risk 0.03cvss epss 0.03

    Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that…

  • CVE-2008-6579Apr 1, 2009
    risk 0.00cvss epss 0.01

    Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."

  • CVE-2008-6578Apr 1, 2009
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.

  • CVE-2008-6577Apr 1, 2009
    risk 0.00cvss epss 0.03

    Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.

  • CVE-2008-6576Apr 1, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via…

  • CVE-2008-6575Apr 1, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.

  • CVE-2008-6574Apr 1, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.

  • CVE-2008-6573Apr 1, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager…

  • CVE-2009-1220Apr 1, 2009
    risk 0.04cvss epss 0.09

    Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows…

  • CVE-2009-1219Apr 1, 2009
    risk 0.04cvss epss 0.09

    Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid…

  • CVE-2009-1218Apr 1, 2009
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to…

  • CVE-2007-4475Apr 1, 2009
    risk 0.06cvss epss 0.40

    Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.

  • CVE-2009-1217Apr 1, 2009
    risk 0.04cvss epss 0.16

    Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by…

  • CVE-2009-1216Apr 1, 2009
    risk 0.02cvss epss 0.24

    Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before…

  • CVE-2008-4825Apr 1, 2009
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.

  • CVE-2008-3871Apr 1, 2009
    risk 0.00cvss epss 0.03

    Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.

  • CVE-2009-1215Apr 1, 2009
    risk 0.00cvss epss 0.00

    Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.

  • CVE-2009-1214Apr 1, 2009
    risk 0.00cvss epss 0.00

    GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.

  • CVE-2009-1213Apr 1, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

  • CVE-2009-1212Apr 1, 2009
    risk 0.03cvss epss 0.06

    Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.

  • CVE-2009-1211Apr 1, 2009
    risk 0.00cvss epss 0.01

    Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with…

  • CVE-2009-1210Apr 1, 2009
    risk 0.04cvss epss 0.15

    Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party…

  • CVE-2009-1209Apr 1, 2009
    risk 0.04cvss epss 0.12

    Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.

  • CVE-2009-1208Apr 1, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.

  • CVE-2009-1207Apr 1, 2009
    risk 0.00cvss epss 0.00

    Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.