VYPR

CVEs

344,996 total · page 6225 of 6,900

  • CVE-2008-5542Dec 12, 2008
    risk 0.00cvss epss 0.02

    Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2)…

  • CVE-2008-5541Dec 12, 2008
    risk 0.01cvss epss 0.08

    Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5540Dec 12, 2008
    risk 0.00cvss epss 0.02

    Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension,…

  • CVE-2008-5539Dec 12, 2008
    risk 0.01cvss epss 0.10

    RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no…

  • CVE-2008-5538Dec 12, 2008
    risk 0.00cvss epss 0.02

    Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg…

  • CVE-2008-5537Dec 12, 2008
    risk 0.00cvss epss 0.03

    PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5536Dec 12, 2008
    risk 0.00cvss epss 0.03

    Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3)…

  • CVE-2008-5535Dec 12, 2008
    risk 0.00cvss epss 0.03

    Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5534Dec 12, 2008
    risk 0.00cvss epss 0.03

    ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a…

  • CVE-2008-5533Dec 12, 2008
    risk 0.00cvss epss 0.03

    K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a…

  • CVE-2008-5532Dec 12, 2008
    risk 0.00cvss epss 0.02

    Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no…

  • CVE-2008-5531Dec 12, 2008
    risk 0.00cvss epss 0.03

    Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension,…

  • CVE-2008-5530Dec 12, 2008
    risk 0.00cvss epss 0.02

    Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5529Dec 12, 2008
    risk 0.00cvss epss 0.03

    CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension,…

  • CVE-2008-5528Dec 12, 2008
    risk 0.00cvss epss 0.05

    Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3)…

  • CVE-2008-5527Dec 12, 2008
    risk 0.00cvss epss 0.02

    ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a…

  • CVE-2008-5526Dec 12, 2008
    risk 0.00cvss epss 0.03

    DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension,…

  • CVE-2008-5525Dec 12, 2008
    risk 0.00cvss epss 0.03

    ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt…

  • CVE-2008-5524Dec 12, 2008
    risk 0.00cvss epss 0.02

    CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt…

  • CVE-2008-5523Dec 12, 2008
    risk 0.00cvss epss 0.03

    avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5522Dec 12, 2008
    risk 0.00cvss epss 0.03

    AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5521Dec 12, 2008
    risk 0.00cvss epss 0.02

    Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a…

  • CVE-2008-5520Dec 12, 2008
    risk 0.00cvss epss 0.02

    AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a…

  • CVE-2008-5497Dec 12, 2008
    risk 0.03cvss epss 0.03

    BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.

  • CVE-2008-5496Dec 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-5495Dec 12, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors.

  • CVE-2008-5494Dec 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2008-5493Dec 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5492Dec 12, 2008
    risk 0.06cvss epss 0.35

    Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from…

  • CVE-2008-5491Dec 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.

  • CVE-2008-5490Dec 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5489Dec 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.

  • CVE-2008-5488Dec 12, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter.

  • CVE-2008-5487Dec 12, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.

  • CVE-2008-5486Dec 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-5435Dec 11, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.

  • CVE-2008-5434Dec 11, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.

  • CVE-2008-5433Dec 11, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.

  • CVE-2008-5432Dec 11, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

  • CVE-2008-5431Dec 11, 2008
    risk 0.03cvss epss 0.03

    Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command.

  • CVE-2008-5429Dec 11, 2008
    risk 0.00cvss epss 0.01

    Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other…

  • CVE-2008-5428Dec 11, 2008
    risk 0.00cvss epss 0.01

    Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other…

  • CVE-2008-5427Dec 11, 2008
    risk 0.00cvss epss 0.02

    Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service…

  • CVE-2008-5426Dec 11, 2008
    risk 0.00cvss epss 0.01

    Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack…

  • CVE-2008-5425Dec 11, 2008
    risk 0.00cvss epss 0.02

    ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other…

  • CVE-2008-5424Dec 11, 2008
    risk 0.01cvss epss 0.12

    The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows…

  • CVE-2008-5423Dec 11, 2008
    risk 0.00cvss epss 0.00

    Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via…

  • CVE-2008-5422Dec 11, 2008
    risk 0.00cvss epss 0.03

    Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.

  • CVE-2008-5421Dec 11, 2008
    risk 0.00cvss epss 0.01

    The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative…

  • CVE-2008-5415Dec 11, 2008
    risk 0.01cvss epss 0.08

    The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.