VYPR

CVEs

345,015 total · page 6218 of 6,901

  • CVE-2008-5868Jan 8, 2009
    risk 0.03cvss epss 0.04

    Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user-assisted attackers to execute arbitrary code via a long ProxyLogin value in a configuration (.cfg) file.

  • CVE-2009-0069Jan 7, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors.

  • CVE-2008-5867Jan 7, 2009
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component. NOTE: the…

  • CVE-2008-5866Jan 7, 2009
    risk 0.00cvss epss 0.02

    The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables.

  • CVE-2009-0068Jan 7, 2009
    risk 0.00cvss epss 0.02

    Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as…

  • CVE-2009-0066Jan 7, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with…

  • CVE-2009-0065Jan 7, 2009
    risk 0.04cvss epss 0.17

    Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

  • CVE-2009-0051Jan 7, 2009
    risk 0.00cvss epss 0.01

    ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

  • CVE-2009-0050Jan 7, 2009
    risk 0.00cvss epss 0.01

    Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

  • CVE-2009-0049Jan 7, 2009
    risk 0.00cvss epss 0.01

    Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar…

  • CVE-2009-0048Jan 7, 2009
    risk 0.00cvss epss 0.01

    OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to…

  • CVE-2009-0047Jan 7, 2009
    risk 0.00cvss epss 0.01

    Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to…

  • CVE-2009-0046Jan 7, 2009
    risk 0.00cvss epss 0.01

    Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to…

  • CVE-2009-0025Jan 7, 2009
    risk 0.01cvss epss 0.07

    BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

  • CVE-2009-0021Jan 7, 2009
    risk 0.00cvss epss 0.03

    NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar…

  • CVE-2008-5077Jan 7, 2009
    risk 0.00cvss epss 0.05

    OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

  • CVE-2008-5865Jan 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.

  • CVE-2008-5864Jan 6, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.

  • CVE-2008-5863Jan 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action.

  • CVE-2008-5862Jan 6, 2009
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.

  • CVE-2008-5861Jan 6, 2009
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5860Jan 6, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file…

  • CVE-2008-5859Jan 6, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter.

  • CVE-2008-5858Jan 6, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281.

  • CVE-2008-5857Jan 6, 2009
    risk 0.00cvss epss 0.01

    The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests.

  • CVE-2008-5856Jan 6, 2009
    risk 0.04cvss epss 0.08

    Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.

  • CVE-2008-5855Jan 6, 2009
    risk 0.03cvss epss 0.03

    myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.

  • CVE-2008-5854Jan 6, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these…

  • CVE-2008-5853Jan 6, 2009
    risk 0.03cvss epss 0.03

    Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups…

  • CVE-2008-5852Jan 6, 2009
    risk 0.03cvss epss 0.03

    Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb.

  • CVE-2008-5851Jan 6, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter.

  • CVE-2008-5849Jan 6, 2009
    risk 0.00cvss epss 0.02

    Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing…

  • CVE-2008-5848Jan 6, 2009
    risk 0.00cvss epss 0.03

    The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity.

  • CVE-2009-0022Jan 5, 2009
    risk 0.00cvss epss 0.04

    Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

  • CVE-2008-5847Jan 5, 2009
    risk 0.03cvss epss 0.02

    Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

  • CVE-2008-5846Jan 5, 2009
    risk 0.00cvss epss 0.01

    Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."

  • CVE-2008-5845Jan 5, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a…

  • CVE-2008-5844Jan 5, 2009
    risk 0.00cvss epss 0.02

    PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and…

  • CVE-2008-5843Jan 5, 2009
    risk 0.00cvss epss 0.00

    Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a Trojan horse program in (1) the current working directory or (2) /var/tmp, related to the (a) pdf90, (b) pdfjoin, and (c) pdfnup scripts.

  • CVE-2008-5842Jan 5, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly…

  • CVE-2004-2761CriJan 5, 2009
    risk 0.67cvss 9.8epss 0.10

    The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

  • CVE-2008-5841Jan 5, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.

  • CVE-2008-5840Jan 5, 2009
    risk 0.03cvss epss 0.03

    PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.

  • CVE-2008-5839Jan 5, 2009
    risk 0.03cvss epss 0.06

    Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element.

  • CVE-2008-5838Jan 5, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-5828Jan 2, 2009
    risk 0.01cvss epss 0.14

    Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3)…

  • CVE-2008-5827Jan 2, 2009
    risk 0.00cvss epss 0.03

    The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.

  • CVE-2008-5826Jan 2, 2009
    risk 0.00cvss epss 0.02

    The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.

  • CVE-2008-5825Jan 2, 2009
    risk 0.00cvss epss 0.02

    The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to…

  • CVE-2008-5824Jan 2, 2009
    risk 0.03cvss epss 0.06

    Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.