VYPR

CVEs

345,046 total · page 6193 of 6,901

  • CVE-2009-0085Mar 10, 2009
    risk 0.01cvss epss 0.15

    The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport…

  • CVE-2009-0083Mar 10, 2009
    risk 0.00cvss epss 0.01

    The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."

  • CVE-2009-0082HigMar 10, 2009
    risk 0.51cvss 7.8epss 0.01

    The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows…

  • CVE-2009-0081Mar 10, 2009
    risk 0.03cvss epss 0.32

    The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute…

  • CVE-2009-0868Mar 10, 2009
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

  • CVE-2009-0867Mar 10, 2009
    risk 0.00cvss epss 0.01

    The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection.

  • CVE-2009-0866Mar 10, 2009
    risk 0.03cvss epss 0.03

    pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.

  • CVE-2009-0865Mar 10, 2009
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX…

  • CVE-2009-0864Mar 10, 2009
    risk 0.03cvss epss 0.03

    S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.

  • CVE-2009-0863Mar 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-0862Mar 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. …

  • CVE-2009-0861Mar 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name. NOTE: some of these details are obtained from third party information.

  • CVE-2009-0860Mar 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages.

  • CVE-2009-0859Mar 9, 2009
    risk 0.00cvss epss 0.00

    The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as…

  • CVE-2009-0858Mar 9, 2009
    risk 0.04cvss epss 0.06

    The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses…

  • CVE-2009-0857Mar 9, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the…

  • CVE-2009-0856Mar 9, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-0855Mar 9, 2009
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-0825Mar 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-0781Mar 9, 2009
    risk 0.01cvss epss 0.09

    Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the…

  • CVE-2009-0537Mar 9, 2009
    risk 0.03cvss epss 0.04

    Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level…

  • CVE-2009-0027Mar 9, 2009
    risk 0.00cvss epss 0.02

    The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote…

  • CVE-2009-0853Mar 9, 2009
    risk 0.03cvss epss 0.02

    login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.

  • CVE-2009-0852Mar 9, 2009
    risk 0.03cvss epss 0.03

    showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.

  • CVE-2009-0851Mar 9, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.

  • CVE-2009-0850Mar 9, 2009
    risk 0.02cvss epss 0.30

    Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file.

  • CVE-2009-0849Mar 9, 2009
    risk 0.04cvss epss 0.17

    Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service…

  • CVE-2008-6450Mar 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-6449Mar 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via…

  • CVE-2008-6448Mar 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-6447Mar 9, 2009
    risk 0.03cvss epss 0.06

    Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.

  • CVE-2008-6446Mar 9, 2009
    risk 0.03cvss epss 0.02

    Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter.

  • CVE-2008-6445Mar 9, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information.

  • CVE-2008-6444Mar 9, 2009
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.

  • CVE-2008-6443Mar 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter.

  • CVE-2008-6442Mar 9, 2009
    risk 0.03cvss epss 0.02

    Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2008-6441Mar 9, 2009
    risk 0.00cvss epss 0.04

    Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.

  • CVE-2009-0838Mar 6, 2009
    risk 0.00cvss epss 0.00

    The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.

  • CVE-2008-6440Mar 6, 2009
    risk 0.00cvss epss 0.01

    Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.

  • CVE-2008-6439Mar 6, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

  • CVE-2008-6438Mar 6, 2009
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also…

  • CVE-2008-6437Mar 6, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.

  • CVE-2008-6436Mar 6, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-6435Mar 6, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4)…

  • CVE-2008-6434Mar 6, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter.

  • CVE-2008-6433Mar 6, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.

  • CVE-2008-6431Mar 6, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4)…

  • CVE-2008-6430Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

  • CVE-2008-6429Mar 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.

  • CVE-2008-6428Mar 6, 2009
    risk 0.00cvss epss 0.01

    The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.