VYPR

CVEs

344,984 total · page 6264 of 6,900

  • CVE-2008-3482Aug 5, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3483Aug 5, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.

  • CVE-2008-3356Aug 5, 2008
    risk 0.00cvss epss 0.00

    verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to…

  • CVE-2008-3357Aug 5, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."

  • CVE-2008-3389Aug 5, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb,…

  • CVE-2008-3431HigKEVAug 5, 2008
    risk 0.73cvss 8.8epss 0.07

    The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the…

  • CVE-2008-3481Aug 5, 2008
    risk 0.03cvss epss 0.02

    themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

  • CVE-2008-3451Aug 4, 2008
    risk 0.00cvss epss 0.01

    PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.

  • CVE-2008-3452Aug 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.

  • CVE-2008-3453Aug 4, 2008
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."

  • CVE-2008-3454Aug 4, 2008
    risk 0.03cvss epss 0.03

    JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.

  • CVE-2008-3455Aug 4, 2008
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.

  • CVE-2008-3456Aug 4, 2008
    risk 0.00cvss epss 0.02

    phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

  • CVE-2008-3457Aug 4, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be…

  • CVE-2008-3458Aug 4, 2008
    risk 0.00cvss epss 0.03

    Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.

  • CVE-2008-3459Aug 4, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.

  • CVE-2008-3450Aug 4, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.

  • CVE-2008-3445Aug 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.

  • CVE-2008-3446Aug 4, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

  • CVE-2008-3447Aug 4, 2008
    risk 0.04cvss epss 0.08

    The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.

  • CVE-2008-3448Aug 4, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

  • CVE-2008-3449Aug 4, 2008
    risk 0.00cvss epss 0.02

    MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.

  • CVE-2008-3444Aug 4, 2008
    risk 0.00cvss epss 0.02

    The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."

  • CVE-2008-1232Aug 4, 2008
    risk 0.09cvss epss 0.76

    Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the…

  • CVE-2008-2320Aug 4, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long…

  • CVE-2008-2321Aug 4, 2008
    risk 0.04cvss epss 0.12

    Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."

  • CVE-2008-2322Aug 4, 2008
    risk 0.00cvss epss 0.06

    Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.

  • CVE-2008-2323Aug 4, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.

  • CVE-2008-2324Aug 4, 2008
    risk 0.00cvss epss 0.00

    The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.

  • CVE-2008-2325Aug 4, 2008
    risk 0.00cvss epss 0.05

    QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."

  • CVE-2008-2370Aug 4, 2008
    risk 0.07cvss epss 0.53

    Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read…

  • CVE-2008-3423Aug 4, 2008
    risk 0.00cvss epss 0.02

    IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.

  • CVE-2007-2952Aug 1, 2008
    risk 0.01cvss epss 0.15

    Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2)…

  • CVE-2008-1376Aug 1, 2008
    risk 0.00cvss epss 0.03

    A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.

  • CVE-2008-1662Aug 1, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."

  • CVE-2008-1810Aug 1, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable.

  • CVE-2008-2235Aug 1, 2008
    risk 0.00cvss epss 0.00

    OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

  • CVE-2008-2315Aug 1, 2008
    risk 0.00cvss epss 0.04

    Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule…

  • CVE-2008-2316Aug 1, 2008
    risk 0.00cvss epss 0.03

    Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."

  • CVE-2008-2935Aug 1, 2008
    risk 0.04cvss epss 0.13

    Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code…

  • CVE-2008-3142Aug 1, 2008
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related…

  • CVE-2008-3143Aug 1, 2008
    risk 0.00cvss epss 0.04

    Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9)…

  • CVE-2008-3144Aug 1, 2008
    risk 0.00cvss epss 0.04

    Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. …

  • CVE-2008-3175Aug 1, 2008
    risk 0.01cvss epss 0.14

    Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.

  • CVE-2008-3433Aug 1, 2008
    risk 0.00cvss epss 0.02

    SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

  • CVE-2008-3434Aug 1, 2008
    risk 0.00cvss epss 0.03

    Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

  • CVE-2008-3435Aug 1, 2008
    risk 0.00cvss epss 0.02

    LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

  • CVE-2008-3436Aug 1, 2008
    risk 0.00cvss epss 0.02

    The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

  • CVE-2008-3437Aug 1, 2008
    risk 0.00cvss epss 0.02

    OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

  • CVE-2008-3438HigAug 1, 2008
    risk 0.53cvss 8.1epss 0.01

    Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.