VYPR

CVEs

345,051 total · page 6189 of 6,902

  • CVE-2009-0215Mar 25, 2009
    risk 0.06cvss epss 0.36

    Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2009-1072Mar 25, 2009
    risk 0.00cvss epss 0.00

    nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

  • CVE-2009-1062Mar 25, 2009
    risk 0.00cvss epss 0.06

    Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.

  • CVE-2009-1061Mar 25, 2009
    risk 0.01cvss epss 0.11

    Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and…

  • CVE-2009-0928Mar 25, 2009
    risk 0.01cvss epss 0.10

    Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.

  • CVE-2009-0921Mar 25, 2009
    risk 0.01cvss epss 0.13

    Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long…

  • CVE-2009-0920Mar 25, 2009
    risk 0.09cvss epss 0.75

    Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.

  • CVE-2009-0891Mar 25, 2009
    risk 0.00cvss epss 0.02

    The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as…

  • CVE-2009-0787Mar 25, 2009
    risk 0.00cvss epss 0.00

    The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions…

  • CVE-2009-0207Mar 25, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root…

  • CVE-2009-0193Mar 25, 2009
    risk 0.01cvss epss 0.10

    Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.

  • CVE-2009-1060Mar 24, 2009
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.

  • CVE-2009-1059Mar 24, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.

  • CVE-2009-1058Mar 24, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the specified file.zip file can…

  • CVE-2009-1057Mar 24, 2009
    risk 0.04cvss epss 0.07

    MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for…

  • CVE-2009-1056Mar 24, 2009
    risk 0.00cvss epss 0.01

    IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."

  • CVE-2009-1055Mar 24, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.

  • CVE-2009-1054Mar 24, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009.

  • CVE-2009-1053Mar 24, 2009
    risk 0.00cvss epss 0.01

    chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.

  • CVE-2009-1052Mar 24, 2009
    risk 0.00cvss epss 0.01

    FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.

  • CVE-2009-1051Mar 24, 2009
    risk 0.00cvss epss 0.01

    FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.

  • CVE-2009-1050Mar 24, 2009
    risk 0.03cvss epss 0.03

    Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.

  • CVE-2009-1049Mar 24, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-6515Mar 24, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.

  • CVE-2008-6514Mar 24, 2009
    risk 0.00cvss epss 0.00

    The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.

  • CVE-2008-6513Mar 24, 2009
    risk 0.03cvss epss 0.04

    Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.

  • CVE-2008-6512Mar 24, 2009
    risk 0.00cvss epss 0.05

    Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on…

  • CVE-2009-1047Mar 23, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound…

  • CVE-2009-0584Mar 23, 2009
    risk 0.00cvss epss 0.04

    icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly…

  • CVE-2009-0583Mar 23, 2009
    risk 0.00cvss epss 0.05

    Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service…

  • CVE-2008-6511Mar 23, 2009
    risk 0.03cvss epss 0.02

    Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

  • CVE-2008-6510Mar 23, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.

  • CVE-2008-6509Mar 23, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.

  • CVE-2008-6508Mar 23, 2009
    risk 0.10cvss epss 0.83

    Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a…

  • CVE-2009-1046Mar 23, 2009
    risk 0.03cvss epss 0.01

    The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8…

  • CVE-2009-1045Mar 23, 2009
    risk 0.04cvss epss 0.09

    requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

  • CVE-2008-6507Mar 23, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum.

  • CVE-2008-6506Mar 23, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors.

  • CVE-2009-1044Mar 23, 2009
    risk 0.01cvss epss 0.06

    Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at…

  • CVE-2009-1043Mar 23, 2009
    risk 0.02cvss epss 0.31

    Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

  • CVE-2009-1042Mar 23, 2009
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

  • CVE-2009-0733Mar 23, 2009
    risk 0.00cvss epss 0.06

    Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large…

  • CVE-2009-0723Mar 23, 2009
    risk 0.00cvss epss 0.05

    Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these…

  • CVE-2009-0581Mar 23, 2009
    risk 0.00cvss epss 0.03

    Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

  • CVE-2008-6505Mar 23, 2009
    risk 0.02cvss epss 0.73

    Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2)…

  • CVE-2008-6504Mar 23, 2009
    risk 0.06cvss epss 0.39

    ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language…

  • CVE-2009-1040Mar 20, 2009
    risk 0.03cvss epss 0.06

    Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file.

  • CVE-2009-1039Mar 20, 2009
    risk 0.03cvss epss 0.05

    Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.

  • CVE-2009-1038Mar 20, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif…

  • CVE-2009-1037Mar 20, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API.