VYPR

CVEs

344,984 total · page 6260 of 6,900

  • CVE-2008-3705Aug 19, 2008
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the CLogger::WriteFormated function in echoware/Logger.cpp in EchoVNC Linux before 1.1.2 allows remote echoServers to execute arbitrary code via a large (1) group or (2) user list, aka a "very crowded echoServer" attack. NOTE: some of these…

  • CVE-2008-3706Aug 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

  • CVE-2008-3707Aug 19, 2008
    risk 0.00cvss epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6)…

  • CVE-2008-3708Aug 19, 2008
    risk 0.03cvss epss 0.05

    Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.

  • CVE-2008-3709Aug 19, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to…

  • CVE-2008-3710Aug 19, 2008
    risk 0.00cvss epss 0.01

    Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php…

  • CVE-2008-3711Aug 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.

  • CVE-2008-3712Aug 19, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connecto…

  • CVE-2008-3713Aug 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.

  • CVE-2008-3714Aug 19, 2008
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.

  • CVE-2008-3715Aug 19, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.

  • CVE-2008-3716Aug 19, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component.

  • CVE-2008-3717Aug 19, 2008
    risk 0.00cvss epss 0.01

    Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.

  • CVE-2008-2936Aug 18, 2008
    risk 0.03cvss epss 0.01

    Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink…

  • CVE-2008-2937Aug 18, 2008
    risk 0.00cvss epss 0.00

    Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.

  • CVE-2008-3704Aug 18, 2008
    risk 0.07cvss epss 0.56

    Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows…

  • CVE-2008-2233Aug 18, 2008
    risk 0.00cvss epss 0.01

    The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors.

  • CVE-2008-2234Aug 18, 2008
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote attackers to execute arbitrary code via a crafted "Authorization: Basic" HTTP header.

  • CVE-2008-3270Aug 18, 2008
    risk 0.00cvss epss 0.01

    yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and…

  • CVE-2008-3276Aug 18, 2008
    risk 0.00cvss epss 0.03

    Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value,…

  • CVE-2008-3324HigAug 18, 2008
    risk 0.53cvss 8.1epss 0.01

    The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update.

  • CVE-2008-3533Aug 18, 2008
    risk 0.05cvss epss 0.19

    Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within…

  • CVE-2008-3703Aug 18, 2008
    risk 0.01cvss epss 0.12

    The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to…

  • CVE-2008-3700Aug 15, 2008
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in…

  • CVE-2008-3701Aug 15, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.

  • CVE-2008-3702Aug 15, 2008
    risk 0.04cvss epss 0.10

    Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or…

  • CVE-2008-3658Aug 15, 2008
    risk 0.01cvss epss 0.07

    Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

  • CVE-2008-3659Aug 15, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this…

  • CVE-2008-3660Aug 15, 2008
    risk 0.00cvss epss 0.03

    PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

  • CVE-2008-3443Aug 14, 2008
    risk 0.04cvss epss 0.16

    The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to…

  • CVE-2008-3699Aug 14, 2008
    risk 0.00cvss epss 0.00

    The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.

  • CVE-2008-3686Aug 14, 2008
    risk 0.00cvss epss 0.00

    The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.

  • CVE-2008-3687Aug 14, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.

  • CVE-2008-3688HigAug 14, 2008
    risk 0.49cvss 7.5epss 0.03

    sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.

  • CVE-2008-2369CriAug 14, 2008
    risk 0.59cvss 9.1epss 0.03

    manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

  • CVE-2008-2940Aug 14, 2008
    risk 0.00cvss epss 0.00

    The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event…

  • CVE-2008-2941Aug 14, 2008
    risk 0.00cvss epss 0.01

    The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.

  • CVE-2008-3683Aug 14, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors.

  • CVE-2008-3675Aug 14, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-3676Aug 14, 2008
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.

  • CVE-2008-3677Aug 14, 2008
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.

  • CVE-2008-3678Aug 14, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL.

  • CVE-2008-3679Aug 14, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request…

  • CVE-2008-3680Aug 14, 2008
    risk 0.04cvss epss 0.10

    The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.

  • CVE-2008-3681Aug 14, 2008
    risk 0.04cvss epss 0.09

    components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

  • CVE-2008-3682Aug 14, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.

  • CVE-2008-3338Aug 13, 2008
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow…

  • CVE-2008-3669Aug 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

  • CVE-2008-3670Aug 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.

  • CVE-2008-3671Aug 13, 2008
    risk 0.00cvss epss 0.02

    Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…