VYPR

CVEs

344,987 total · page 6238 of 6,900

  • CVE-2008-3867Nov 3, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.

  • CVE-2008-4878Nov 1, 2008
    risk 0.03cvss epss 0.04

    Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.

  • CVE-2008-4877Nov 1, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-4876Nov 1, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error…

  • CVE-2008-4875Nov 1, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for…

  • CVE-2008-4874Nov 1, 2008
    risk 0.03cvss epss 0.04

    The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.

  • CVE-2008-4873Nov 1, 2008
    risk 0.03cvss epss 0.05

    board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.

  • CVE-2008-4872Nov 1, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-4871Nov 1, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags.

  • CVE-2008-4870Nov 1, 2008
    risk 0.00cvss epss 0.00

    dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

  • CVE-2008-4869Nov 1, 2008
    risk 0.00cvss epss 0.02

    FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak."

  • CVE-2008-4868Nov 1, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."

  • CVE-2008-4867Nov 1, 2008
    risk 0.00cvss epss 0.02

    Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

  • CVE-2008-4866Nov 1, 2008
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

  • CVE-2008-4865Nov 1, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been…

  • CVE-2008-4864Nov 1, 2008
    risk 0.05cvss epss 0.21

    Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer…

  • CVE-2008-4863Nov 1, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

  • CVE-2008-4309HigOct 31, 2008
    risk 0.49cvss 7.5epss 0.05

    Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a…

  • CVE-2008-4811Oct 31, 2008
    risk 0.00cvss epss 0.02

    The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.

  • CVE-2008-4810Oct 31, 2008
    risk 0.00cvss epss 0.02

    The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted…

  • CVE-2008-4809Oct 31, 2008
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-4808Oct 31, 2008
    risk 0.00cvss epss 0.01

    IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-4807Oct 31, 2008
    risk 0.00cvss epss 0.00

    IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2008-4806Oct 31, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2008-4805Oct 31, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear,…

  • CVE-2007-6432Oct 31, 2008
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a different vulnerability than CVE-2007-5169 and CVE-2007-5394.

  • CVE-2008-4804Oct 31, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was…

  • CVE-2008-4803Oct 31, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2008-4802Oct 31, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-4801Oct 31, 2008
    risk 0.01cvss epss 0.11

    Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and…

  • CVE-2008-4800Oct 31, 2008
    risk 0.05cvss epss 0.26

    The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread…

  • CVE-2008-4799Oct 31, 2008
    risk 0.00cvss epss 0.02

    pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.

  • CVE-2008-4798Oct 30, 2008
    risk 0.00cvss epss 0.04

    The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.

  • CVE-2008-4797Oct 30, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.

  • CVE-2008-4796Oct 30, 2008
    risk 0.00cvss epss 0.09

    The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell…

  • CVE-2008-4795Oct 30, 2008
    risk 0.03cvss epss 0.04

    The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.

  • CVE-2008-4794Oct 30, 2008
    risk 0.00cvss epss 0.04

    Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

  • CVE-2008-2238Oct 30, 2008
    risk 0.01cvss epss 0.07

    Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.

  • CVE-2008-2237Oct 30, 2008
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.

  • CVE-2007-6021Oct 30, 2008
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure.

  • CVE-2007-5394Oct 30, 2008
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a different vulnerability than CVE-2007-5169 and CVE-2007-6432.

  • CVE-2008-4793Oct 29, 2008
    risk 0.00cvss epss 0.02

    The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.

  • CVE-2008-4792Oct 29, 2008
    risk 0.00cvss epss 0.01

    The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

  • CVE-2008-4791Oct 29, 2008
    risk 0.00cvss epss 0.02

    The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.

  • CVE-2008-4790Oct 29, 2008
    risk 0.00cvss epss 0.01

    The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

  • CVE-2008-4789Oct 29, 2008
    risk 0.00cvss epss 0.01

    The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."

  • CVE-2008-4788Oct 29, 2008
    risk 0.01cvss epss 0.09

    Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using…

  • CVE-2008-4787Oct 29, 2008
    risk 0.04cvss epss 0.14

    Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related…

  • CVE-2008-4786Oct 29, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

  • CVE-2008-4785Oct 29, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.