VYPR

CVEs

345,051 total · page 6187 of 6,902

  • CVE-2008-6548Mar 30, 2009
    risk 0.00cvss epss 0.01

    The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.

  • CVE-2008-6547Mar 30, 2009
    risk 0.00cvss epss 0.01

    schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.

  • CVE-2008-6546Mar 30, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to "activation permissions."

  • CVE-2008-6545Mar 30, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-6544Mar 30, 2009
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to…

  • CVE-2008-6543Mar 30, 2009
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3,…

  • CVE-2008-6542Mar 30, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or…

  • CVE-2008-6541Mar 30, 2009
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.

  • CVE-2008-6540Mar 30, 2009
    risk 0.03cvss epss 0.03

    DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the…

  • CVE-2008-6539Mar 30, 2009
    risk 0.03cvss epss 0.02

    Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.

  • CVE-2008-6538Mar 30, 2009
    risk 0.03cvss epss 0.02

    DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser.

  • CVE-2008-6537Mar 30, 2009
    risk 0.04cvss epss 0.06

    LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.

  • CVE-2008-6536Mar 30, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).

  • CVE-2007-6721Mar 30, 2009
    risk 0.00cvss epss 0.02

    The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

  • CVE-2009-0845Mar 27, 2009
    risk 0.00cvss epss 0.06

    The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in…

  • CVE-2009-0789Mar 27, 2009
    risk 0.00cvss epss 0.03

    OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate,…

  • CVE-2009-0637Mar 27, 2009
    risk 0.00cvss epss 0.03

    The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.

  • CVE-2009-0636Mar 27, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.

  • CVE-2009-0635Mar 27, 2009
    risk 0.00cvss epss 0.03

    Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.

  • CVE-2009-0634Mar 27, 2009
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an…

  • CVE-2009-0633Mar 27, 2009
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220.

  • CVE-2009-0630Mar 27, 2009
    risk 0.00cvss epss 0.02

    The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication…

  • CVE-2009-0629Mar 27, 2009
    risk 0.00cvss epss 0.04

    The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling…

  • CVE-2009-0628Mar 27, 2009
    risk 0.00cvss epss 0.02

    Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.

  • CVE-2009-0626Mar 27, 2009
    risk 0.00cvss epss 0.02

    The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.

  • CVE-2009-0591Mar 27, 2009
    risk 0.00cvss epss 0.03

    The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

  • CVE-2009-0590Mar 27, 2009
    risk 0.00cvss epss 0.06

    The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

  • CVE-2009-0631Mar 27, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote…

  • CVE-2009-1169Mar 27, 2009
    risk 0.04cvss epss 0.10

    The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

  • CVE-2008-6535Mar 26, 2009
    risk 0.04cvss epss 0.06

    admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.

  • CVE-2008-6534Mar 26, 2009
    risk 0.03cvss epss 0.04

    Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.

  • CVE-2008-6533Mar 26, 2009
    risk 0.00cvss epss 0.02

    Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

  • CVE-2008-6532Mar 26, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old…

  • CVE-2008-6531Mar 26, 2009
    risk 0.00cvss epss 0.03

    The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."

  • CVE-2008-6530Mar 26, 2009
    risk 0.03cvss epss 0.02

    Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.

  • CVE-2008-6529Mar 26, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter.

  • CVE-2009-1152Mar 26, 2009
    risk 0.03cvss epss 0.05

    Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection.

  • CVE-2009-1151CriKEVMar 26, 2009
    risk 0.86cvss 9.8epss 0.95

    Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

  • CVE-2009-1150Mar 26, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.

  • CVE-2009-1149Mar 26, 2009
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

  • CVE-2009-1148Mar 26, 2009
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).

  • CVE-2008-6528Mar 26, 2009
    risk 0.03cvss epss 0.03

    NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream.

  • CVE-2009-1071Mar 26, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.

  • CVE-2009-1070Mar 26, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.

  • CVE-2009-1069Mar 26, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in…

  • CVE-2009-1068Mar 26, 2009
    risk 0.04cvss epss 0.15

    Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.

  • CVE-2009-1067Mar 26, 2009
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.

  • CVE-2009-1066Mar 26, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.

  • CVE-2009-1065Mar 26, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2009-1064Mar 26, 2009
    risk 0.03cvss epss 0.04

    Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download…