VYPR

CVEs

345,040 total · page 6204 of 6,901

  • CVE-2009-0571Feb 13, 2009
    risk 0.03cvss epss 0.02

    admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.

  • CVE-2009-0570Feb 13, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these…

  • CVE-2009-0503Feb 13, 2009
    risk 0.00cvss epss 0.00

    IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.

  • CVE-2009-0361Feb 13, 2009
    risk 0.00cvss epss 0.00

    Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME…

  • CVE-2009-0360Feb 13, 2009
    risk 0.03cvss epss 0.01

    Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching…

  • CVE-2009-0216Feb 13, 2009
    risk 0.00cvss epss 0.03

    GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified…

  • CVE-2009-0569Feb 13, 2009
    risk 0.00cvss epss 0.05

    Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request.

  • CVE-2009-0362Feb 13, 2009
    risk 0.00cvss epss 0.01

    filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP…

  • CVE-2008-6125Feb 13, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.

  • CVE-2008-6124Feb 13, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected…

  • CVE-2009-0141MedFeb 13, 2009
    risk 0.36cvss 5.5epss 0.00

    XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

  • CVE-2009-0140Feb 13, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.

  • CVE-2009-0139Feb 13, 2009
    risk 0.00cvss epss 0.03

    Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.

  • CVE-2009-0138Feb 13, 2009
    risk 0.00cvss epss 0.04

    servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.

  • CVE-2009-0137Feb 13, 2009
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."

  • CVE-2009-0020Feb 13, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.

  • CVE-2009-0019Feb 13, 2009
    risk 0.00cvss epss 0.02

    Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.

  • CVE-2009-0018Feb 13, 2009
    risk 0.00cvss epss 0.03

    The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.

  • CVE-2009-0017Feb 13, 2009
    risk 0.00cvss epss 0.00

    csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.

  • CVE-2009-0015Feb 13, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."

  • CVE-2009-0014Feb 13, 2009
    risk 0.00cvss epss 0.00

    Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.

  • CVE-2009-0013Feb 13, 2009
    risk 0.00cvss epss 0.00

    dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

  • CVE-2009-0012Feb 13, 2009
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.

  • CVE-2009-0011Feb 13, 2009
    risk 0.00cvss epss 0.00

    Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file.

  • CVE-2009-0009Feb 13, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.

  • CVE-2009-0548Feb 12, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party…

  • CVE-2009-0547Feb 12, 2009
    risk 0.00cvss epss 0.02

    Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than…

  • CVE-2009-0546Feb 12, 2009
    risk 0.06cvss epss 0.37

    Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.

  • CVE-2009-0545Feb 12, 2009
    risk 0.10cvss epss 0.91

    cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.

  • CVE-2009-0142Feb 12, 2009
    risk 0.00cvss epss 0.00

    Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."

  • CVE-2009-0544Feb 12, 2009
    risk 0.04cvss epss 0.12

    Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.

  • CVE-2009-0543Feb 12, 2009
    risk 0.04cvss epss 0.14

    ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

  • CVE-2009-0542Feb 12, 2009
    risk 0.09cvss epss 0.75

    SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

  • CVE-2008-6123Feb 12, 2009
    risk 0.00cvss epss 0.03

    The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP…

  • CVE-2009-0536Feb 11, 2009
    risk 0.00cvss epss 0.01

    at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.

  • CVE-2009-0535Feb 11, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter.

  • CVE-2009-0534Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.

  • CVE-2009-0533Feb 11, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the…

  • CVE-2009-0532Feb 11, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the…

  • CVE-2009-0531Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.

  • CVE-2009-0530Feb 11, 2009
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter…

  • CVE-2009-0529Feb 11, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

  • CVE-2009-0528Feb 11, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-0527Feb 11, 2009
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

  • CVE-2009-0526Feb 11, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI.

  • CVE-2009-0525Feb 11, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests,…

  • CVE-2009-0036Feb 11, 2009
    risk 0.03cvss epss 0.01

    Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the…

  • CVE-2008-6122Feb 11, 2009
    risk 0.03cvss epss 0.03

    The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").

  • CVE-2008-6121Feb 11, 2009
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie.

  • CVE-2008-6120Feb 11, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.