VYPR

CVEs

344,987 total · page 6246 of 6,900

  • CVE-2008-4517Oct 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4516Oct 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter.

  • CVE-2008-4515Oct 9, 2008
    risk 0.00cvss epss 0.02

    Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.

  • CVE-2008-4514Oct 9, 2008
    risk 0.04cvss epss 0.08

    The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.

  • CVE-2008-4513Oct 9, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.

  • CVE-2008-4512Oct 9, 2008
    risk 0.00cvss epss 0.01

    ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

  • CVE-2008-4511Oct 9, 2008
    risk 0.00cvss epss 0.01

    Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

  • CVE-2008-4510Oct 9, 2008
    risk 0.03cvss epss 0.03

    Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.

  • CVE-2008-4509Oct 9, 2008
    risk 0.04cvss epss 0.08

    Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root…

  • CVE-2008-4508Oct 9, 2008
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. …

  • CVE-2008-4507Oct 9, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.

  • CVE-2008-4506Oct 9, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.

  • CVE-2008-4505Oct 9, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether…

  • CVE-2008-4504Oct 9, 2008
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assisted remote attackers to execute arbitrary code via an M3u file with a "long entry." NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-4503Oct 9, 2008
    risk 0.00cvss epss 0.04

    The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and…

  • CVE-2008-4502Oct 9, 2008
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3)…

  • CVE-2008-4501Oct 9, 2008
    risk 0.04cvss epss 0.11

    Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.

  • CVE-2008-4500Oct 9, 2008
    risk 0.04cvss epss 0.10

    Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".

  • CVE-2008-4499Oct 9, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.

  • CVE-2008-4498Oct 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2008-4497Oct 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.

  • CVE-2008-4496Oct 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.

  • CVE-2008-4495Oct 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.

  • CVE-2008-4494Oct 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4493Oct 8, 2008
    risk 0.04cvss epss 0.18

    Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST…

  • CVE-2008-3830Oct 8, 2008
    risk 0.00cvss epss 0.00

    Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.

  • CVE-2008-3829Oct 8, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.

  • CVE-2008-3828Oct 8, 2008
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

  • CVE-2008-3826Oct 8, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.

  • CVE-2008-3814Oct 8, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration…

  • CVE-2008-4492Oct 8, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.

  • CVE-2008-4491Oct 8, 2008
    risk 0.00cvss epss 0.01

    Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.

  • CVE-2008-4490Oct 8, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie.

  • CVE-2008-4489Oct 8, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-4488Oct 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-4487Oct 8, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) site_name, (2) email, (3) theme_chosen, (4) hp, (5) c_meta, (6) id, and (7) c_js parameters. NOTE: the provenance of this information is…

  • CVE-2008-4486Oct 8, 2008
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.

  • CVE-2008-4485Oct 8, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.

  • CVE-2008-4484Oct 8, 2008
    risk 0.03cvss epss 0.03

    main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.

  • CVE-2008-4483Oct 8, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.

  • CVE-2008-4482Oct 8, 2008
    risk 0.00cvss epss 0.04

    The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.

  • CVE-2008-4481Oct 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3061Oct 8, 2008
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter.

  • CVE-2008-4477Oct 8, 2008
    risk 0.00cvss epss 0.00

    alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.

  • CVE-2008-3063Oct 8, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2008-3060Oct 8, 2008
    risk 0.00cvss epss 0.01

    V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message.

  • CVE-2008-4476Oct 7, 2008
    risk 0.00cvss epss 0.00

    sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

  • CVE-2008-4475Oct 7, 2008
    risk 0.00cvss epss 0.00

    ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2008-4474Oct 7, 2008
    risk 0.00cvss epss 0.00

    freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.

  • CVE-2008-3834Oct 7, 2008
    risk 0.03cvss epss 0.05

    The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.