VYPR

CVEs

344,987 total · page 6247 of 6,900

  • CVE-2008-4472Oct 7, 2008
    risk 0.04cvss epss 0.08

    The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

  • CVE-2008-4471Oct 7, 2008
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the…

  • CVE-2008-4421Oct 7, 2008
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.

  • CVE-2008-4393Oct 7, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.

  • CVE-2008-4384Oct 7, 2008
    risk 0.05cvss epss 0.29

    Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.

  • CVE-2008-3543Oct 7, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.

  • CVE-2008-4470Oct 7, 2008
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname.

  • CVE-2008-4469Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter.

  • CVE-2008-4468Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4467Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4466Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

  • CVE-2008-4465Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

  • CVE-2008-4464Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

  • CVE-2008-4463Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

  • CVE-2008-4462Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

  • CVE-2008-4461Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter.

  • CVE-2008-4460Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter.

  • CVE-2008-4459Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-4458Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.

  • CVE-2008-4457Oct 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.

  • CVE-2008-4456Oct 6, 2008
    risk 0.04cvss epss 0.07

    Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database…

  • CVE-2008-4455Oct 6, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie.

  • CVE-2008-4454Oct 6, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2008-4453Oct 6, 2008
    risk 0.04cvss epss 0.10

    The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files…

  • CVE-2008-4452Oct 6, 2008
    risk 0.03cvss epss 0.05

    Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request.

  • CVE-2008-4451Oct 6, 2008
    risk 0.03cvss epss 0.01

    The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer.

  • CVE-2008-4450Oct 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this…

  • CVE-2008-4449Oct 6, 2008
    risk 0.06cvss epss 0.39

    Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.

  • CVE-2008-4448Oct 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils,…

  • CVE-2008-4447Oct 6, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab…

  • CVE-2008-4446Oct 6, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-4445Oct 6, 2008
    risk 0.00cvss epss 0.00

    The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by…

  • CVE-2008-4279Oct 6, 2008
    risk 0.00cvss epss 0.00

    The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5…

  • CVE-2008-4278Oct 6, 2008
    risk 0.00cvss epss 0.00

    VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.

  • CVE-2008-3872Oct 6, 2008
    risk 0.00cvss epss 0.05

    Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations.

  • CVE-2008-4440Oct 3, 2008
    risk 0.00cvss epss 0.00

    The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.

  • CVE-2008-4439Oct 3, 2008
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-4438Oct 3, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-4437Oct 3, 2008
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.

  • CVE-2008-4436Oct 3, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter.

  • CVE-2008-4435Oct 3, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.

  • CVE-2008-4434Oct 3, 2008
    risk 0.04cvss epss 0.11

    Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.

  • CVE-2008-4433Oct 3, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter.

  • CVE-2008-4432Oct 3, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.

  • CVE-2008-4431Oct 3, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php.

  • CVE-2008-4429Oct 3, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details…

  • CVE-2008-4428Oct 3, 2008
    risk 0.04cvss epss 0.07

    Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.

  • CVE-2008-4427Oct 3, 2008
    risk 0.03cvss epss 0.03

    changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.

  • CVE-2008-4426Oct 3, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.

  • CVE-2008-4425Oct 3, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.