VYPR

CVEs

345,046 total · page 6195 of 6,901

  • CVE-2009-0820Mar 5, 2009
    risk 0.03cvss epss 0.05

    Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already…

  • CVE-2009-0819Mar 5, 2009
    risk 0.04cvss epss 0.10

    sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion…

  • CVE-2009-0818Mar 5, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to…

  • CVE-2009-0817Mar 5, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page…

  • CVE-2009-0816Mar 5, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.

  • CVE-2009-0815Mar 5, 2009
    risk 0.06cvss epss 0.42

    The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a…

  • CVE-2009-0814Mar 5, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.

  • CVE-2009-0813Mar 5, 2009
    risk 0.04cvss epss 0.09

    Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI…

  • CVE-2009-0777Mar 5, 2009
    risk 0.00cvss epss 0.01

    Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct…

  • CVE-2009-0776Mar 5, 2009
    risk 0.00cvss epss 0.02

    nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

  • CVE-2009-0775Mar 5, 2009
    risk 0.00cvss epss 0.05

    Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during…

  • CVE-2009-0774Mar 5, 2009
    risk 0.00cvss epss 0.04

    The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than…

  • CVE-2009-0773Mar 5, 2009
    risk 0.00cvss epss 0.06

    The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which…

  • CVE-2009-0772Mar 5, 2009
    risk 0.00cvss epss 0.04

    The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage…

  • CVE-2009-0771Mar 5, 2009
    risk 0.00cvss epss 0.05

    The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.

  • CVE-2009-0619Mar 5, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets to TCP port 2000.

  • CVE-2009-0578Mar 5, 2009
    risk 0.00cvss epss 0.00

    GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSetti…

  • CVE-2009-0367Mar 5, 2009
    risk 0.04cvss epss 0.11

    The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the…

  • CVE-2009-0365Mar 5, 2009
    risk 0.00cvss epss 0.01

    nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

  • CVE-2009-0186Mar 5, 2009
    risk 0.00cvss epss 0.04

    Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

  • CVE-2009-0037Mar 5, 2009
    risk 0.04cvss epss 0.08

    The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via…

  • CVE-2009-0812Mar 4, 2009
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information.

  • CVE-2009-0811Mar 4, 2009
    risk 0.03cvss epss 0.06

    Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method.

  • CVE-2009-0810Mar 4, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter.

  • CVE-2009-0809Mar 4, 2009
    risk 0.00cvss epss 0.01

    The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document…

  • CVE-2009-0808Mar 4, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-0807Mar 4, 2009
    risk 0.03cvss epss 0.02

    zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.

  • CVE-2009-0806Mar 4, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors.

  • CVE-2009-0805Mar 4, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php.

  • CVE-2008-6398Mar 4, 2009
    risk 0.00cvss epss 0.00

    sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files.

  • CVE-2008-6397Mar 4, 2009
    risk 0.00cvss epss 0.00

    rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2008-6396Mar 4, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-6395Mar 4, 2009
    risk 0.00cvss epss 0.03

    The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request.

  • CVE-2008-6394Mar 4, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.

  • CVE-2009-0804Mar 4, 2009
    risk 0.00cvss epss 0.02

    Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with…

  • CVE-2009-0803Mar 4, 2009
    risk 0.00cvss epss 0.02

    SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash,…

  • CVE-2009-0802Mar 4, 2009
    risk 0.00cvss epss 0.02

    Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with…

  • CVE-2009-0801Mar 4, 2009
    risk 0.00cvss epss 0.03

    Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted…

  • CVE-2009-0780Mar 4, 2009
    risk 0.00cvss epss 0.02

    The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path.

  • CVE-2009-0779Mar 4, 2009
    risk 0.00cvss epss 0.00

    Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long "input string."

  • CVE-2009-0759Mar 3, 2009
    risk 0.00cvss epss 0.02

    Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.

  • CVE-2009-0758Mar 3, 2009
    risk 0.00cvss epss 0.02

    The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network…

  • CVE-2009-0757Mar 3, 2009
    risk 0.00cvss epss 0.02

    Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.

  • CVE-2009-0756Mar 3, 2009
    risk 0.04cvss epss 0.10

    The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory…

  • CVE-2009-0755Mar 3, 2009
    risk 0.04cvss epss 0.11

    The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.

  • CVE-2009-0754Mar 3, 2009
    risk 0.03cvss epss 0.01

    PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on…

  • CVE-2009-0753Mar 3, 2009
    risk 0.03cvss epss 0.06

    Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.

  • CVE-2008-6393Mar 3, 2009
    risk 0.04cvss epss 0.18

    PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a…

  • CVE-2009-0752Mar 3, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.

  • CVE-2009-0751Mar 2, 2009
    risk 0.04cvss epss 0.10

    Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.