VYPR

CVEs

345,015 total · page 6214 of 6,901

  • CVE-2009-0030Jan 21, 2009
    risk 0.00cvss epss 0.02

    A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. …

  • CVE-2009-0026Jan 21, 2009
    risk 0.00cvss epss 0.22

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

  • CVE-2009-0007Jan 21, 2009
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.

  • CVE-2009-0006Jan 21, 2009
    risk 0.01cvss epss 0.08

    Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.

  • CVE-2009-0005Jan 21, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.

  • CVE-2009-0004Jan 21, 2009
    risk 0.00cvss epss 0.06

    Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.

  • CVE-2009-0003Jan 21, 2009
    risk 0.01cvss epss 0.09

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.

  • CVE-2009-0002Jan 21, 2009
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.

  • CVE-2009-0001Jan 21, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.

  • CVE-2008-3866Jan 21, 2009
    risk 0.00cvss epss 0.00

    The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the…

  • CVE-2008-3865Jan 21, 2009
    risk 0.01cvss epss 0.06

    Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers…

  • CVE-2008-3864Jan 21, 2009
    risk 0.00cvss epss 0.02

    The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service…

  • CVE-2008-5935Jan 21, 2009
    risk 0.00cvss epss 0.01

    Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party…

  • CVE-2008-5934Jan 21, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.

  • CVE-2008-5933Jan 21, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details…

  • CVE-2008-5932Jan 21, 2009
    risk 0.03cvss epss 0.06

    CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained…

  • CVE-2008-5931Jan 21, 2009
    risk 0.03cvss epss 0.03

    The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are…

  • CVE-2008-5930Jan 21, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.

  • CVE-2008-5929Jan 21, 2009
    risk 0.03cvss epss 0.03

    VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained…

  • CVE-2008-5928Jan 21, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5927Jan 21, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of…

  • CVE-2008-5926Jan 21, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained…

  • CVE-2008-5925Jan 21, 2009
    risk 0.00cvss epss 0.01

    ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.

  • CVE-2008-5924Jan 21, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-5923Jan 21, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.

  • CVE-2008-5922Jan 21, 2009
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.

  • CVE-2008-5921Jan 21, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-0241Jan 21, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

  • CVE-2009-0240Jan 21, 2009
    risk 0.00cvss epss 0.02

    listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

  • CVE-2009-0031Jan 21, 2009
    risk 0.00cvss epss 0.00

    Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree."

  • CVE-2008-5920Jan 21, 2009
    risk 0.03cvss epss 0.03

    The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.

  • CVE-2008-5919Jan 21, 2009
    risk 0.04cvss epss 0.06

    Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

  • CVE-2008-5918Jan 21, 2009
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

  • CVE-2008-5917Jan 21, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to…

  • CVE-2008-5916Jan 21, 2009
    risk 0.00cvss epss 0.00

    gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and…

  • CVE-2009-0219Jan 21, 2009
    risk 0.00cvss epss 0.05

    The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows…

  • CVE-2009-0182HigJan 20, 2009
    risk 0.64cvss 8.8epss 0.48

    Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.

  • CVE-2009-0181Jan 20, 2009
    risk 0.00cvss epss 0.01

    Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters.

  • CVE-2009-0180Jan 20, 2009
    risk 0.00cvss epss 0.02

    Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.

  • CVE-2009-0179Jan 20, 2009
    risk 0.00cvss epss 0.02

    libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.

  • CVE-2009-0178Jan 20, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors.

  • CVE-2008-5915Jan 20, 2009
    risk 0.00cvss epss 0.01

    An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an…

  • CVE-2008-5914Jan 20, 2009
    risk 0.00cvss epss 0.01

    An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an…

  • CVE-2008-5913Jan 20, 2009
    risk 0.00cvss epss 0.01

    The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a…

  • CVE-2008-5912Jan 20, 2009
    risk 0.01cvss epss 0.08

    An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message,…

  • CVE-2008-5516Jan 20, 2009
    risk 0.00cvss epss 0.04

    The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.

  • CVE-2008-4388Jan 20, 2009
    risk 0.06cvss epss 0.38

    The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.

  • CVE-2008-2368Jan 20, 2009
    risk 0.00cvss epss 0.00

    Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

  • CVE-2008-2367Jan 20, 2009
    risk 0.00cvss epss 0.00

    Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.

  • CVE-2007-6720Jan 20, 2009
    risk 0.00cvss epss 0.02

    libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of…