VYPR

CVEs

344,984 total · page 6263 of 6,900

  • CVE-2008-3534Aug 8, 2008
    risk 0.00cvss epss 0.01

    The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv…

  • CVE-2008-3535Aug 8, 2008
    risk 0.00cvss epss 0.01

    Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by…

  • CVE-2008-3550Aug 8, 2008
    risk 0.00cvss epss 0.01

    The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.

  • CVE-2008-3551Aug 8, 2008
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague…

  • CVE-2008-3552Aug 8, 2008
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of…

  • CVE-2008-3553Aug 8, 2008
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is…

  • CVE-2008-3554Aug 8, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.

  • CVE-2008-3555Aug 8, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and…

  • CVE-2008-3556Aug 8, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as…

  • CVE-2008-3557Aug 8, 2008
    risk 0.03cvss epss 0.03

    Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.

  • CVE-2008-3558Aug 8, 2008
    risk 0.08cvss epss 0.65

    Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.

  • CVE-2008-3559Aug 8, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the…

  • CVE-2008-3560Aug 8, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.

  • CVE-2008-0964Aug 8, 2008
    risk 0.04cvss epss 0.14

    Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

  • CVE-2008-0965Aug 8, 2008
    risk 0.00cvss epss 0.06

    Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

  • CVE-2008-3272Aug 8, 2008
    risk 0.00cvss epss 0.00

    The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which…

  • CVE-2008-3546Aug 7, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

  • CVE-2008-3548Aug 7, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors.

  • CVE-2008-3549Aug 7, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.

  • CVE-2008-3507Aug 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

  • CVE-2008-3508Aug 7, 2008
    risk 0.03cvss epss 0.03

    LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie.

  • CVE-2008-3509Aug 7, 2008
    risk 0.03cvss epss 0.03

    LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.

  • CVE-2008-3510Aug 7, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter.

  • CVE-2008-3511Aug 7, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2)…

  • CVE-2008-3512Aug 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.

  • CVE-2008-3513Aug 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php.

  • CVE-2008-2939Aug 6, 2008
    risk 0.03cvss epss 0.39

    Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a…

  • CVE-2008-3492Aug 6, 2008
    risk 0.00cvss epss 0.02

    America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS.

  • CVE-2008-3493Aug 6, 2008
    risk 0.03cvss epss 0.06

    vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet.

  • CVE-2008-3494Aug 6, 2008
    risk 0.03cvss epss 0.03

    8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.

  • CVE-2008-3495Aug 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter.

  • CVE-2008-3496Aug 6, 2008
    risk 0.00cvss epss 0.03

    Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.

  • CVE-2008-3497Aug 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

  • CVE-2008-3498Aug 6, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.

  • CVE-2008-3499Aug 6, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in "a page in the workarea folder" in Ektron CMS400.NET 7.00 through 7.04 and 7.50 through 7.52 has unknown impact and attack vectors.

  • CVE-2008-3500Aug 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms.

  • CVE-2008-3501Aug 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3502Aug 6, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.

  • CVE-2008-3503Aug 6, 2008
    risk 0.00cvss epss 0.02

    RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).

  • CVE-2008-3504Aug 6, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."

  • CVE-2008-3505Aug 6, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.

  • CVE-2008-3506Aug 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.

  • CVE-2008-3485Aug 6, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.

  • CVE-2008-3486Aug 6, 2008
    risk 0.04cvss epss 0.06

    Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang…

  • CVE-2008-3487Aug 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3488Aug 6, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.

  • CVE-2008-3489Aug 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.

  • CVE-2008-3490Aug 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.

  • CVE-2008-3491Aug 6, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.

  • CVE-2008-3484Aug 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.