VYPR

CVEs

344,978 total · page 6268 of 6,900

  • CVE-2008-3260Jul 22, 2008
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3)…

  • CVE-2008-3261Jul 22, 2008
    risk 0.03cvss epss 0.05

    Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

  • CVE-2008-3262Jul 22, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.

  • CVE-2008-3188HigJul 22, 2008
    risk 0.49cvss 7.5epss 0.01

    libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

  • CVE-2008-3253Jul 22, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows…

  • CVE-2008-3254Jul 22, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.

  • CVE-2008-3255Jul 22, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3256Jul 22, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3257Jul 22, 2008
    risk 0.10cvss epss 0.84

    Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP…

  • CVE-2008-3258Jul 22, 2008
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-3259Jul 22, 2008
    risk 0.00cvss epss 0.00

    OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.

  • CVE-2008-3249Jul 21, 2008
    risk 0.00cvss epss 0.01

    The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.

  • CVE-2008-3250Jul 21, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

  • CVE-2008-3251Jul 21, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in…

  • CVE-2008-3252Jul 21, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.

  • CVE-2008-3187Jul 21, 2008
    risk 0.00cvss epss 0.02

    zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.

  • CVE-2008-3235Jul 21, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.

  • CVE-2008-3236Jul 21, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted.

  • CVE-2008-3237Jul 21, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.

  • CVE-2008-3238Jul 21, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.

  • CVE-2008-3239Jul 21, 2008
    risk 0.03cvss epss 0.05

    Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file…

  • CVE-2008-3240Jul 21, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.

  • CVE-2008-3241Jul 21, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-3242Jul 21, 2008
    risk 0.04cvss epss 0.16

    Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information.

  • CVE-2008-3243Jul 21, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which…

  • CVE-2008-3244Jul 21, 2008
    risk 0.00cvss epss 0.02

    The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read.

  • CVE-2008-3245Jul 21, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.

  • CVE-2008-3246Jul 21, 2008
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary…

  • CVE-2008-2934HigJul 18, 2008
    risk 0.57cvss 8.8epss 0.04

    Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

  • CVE-2008-3214Jul 18, 2008
    risk 0.00cvss epss 0.03

    dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.

  • CVE-2008-3215Jul 18, 2008
    risk 0.00cvss epss 0.05

    libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.

  • CVE-2008-3216Jul 18, 2008
    risk 0.00cvss epss 0.00

    The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2008-3217Jul 18, 2008
    risk 0.00cvss epss 0.02

    PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements…

  • CVE-2008-3218Jul 18, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID…

  • CVE-2008-3219Jul 18, 2008
    risk 0.00cvss epss 0.02

    The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.

  • CVE-2008-3220Jul 18, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."

  • CVE-2008-3221Jul 18, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.

  • CVE-2008-3222Jul 18, 2008
    risk 0.00cvss epss 0.03

    Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

  • CVE-2008-3223Jul 18, 2008
    risk 0.00cvss epss 0.03

    SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

  • CVE-2008-3224Jul 18, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."

  • CVE-2008-3225Jul 18, 2008
    risk 0.00cvss epss 0.01

    Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."

  • CVE-2008-3226Jul 18, 2008
    risk 0.00cvss epss 0.01

    The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.

  • CVE-2008-3227Jul 18, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.

  • CVE-2008-3228Jul 18, 2008
    risk 0.00cvss epss 0.01

    Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

  • CVE-2008-3229Jul 18, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable.

  • CVE-2008-3230Jul 18, 2008
    risk 0.00cvss epss 0.00

    The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.

  • CVE-2008-3231Jul 18, 2008
    risk 0.00cvss epss 0.02

    xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.

  • CVE-2008-3232Jul 18, 2008
    risk 0.00cvss epss 0.05

    Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.

  • CVE-2008-3233Jul 18, 2008
    risk 0.00cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3234Jul 18, 2008
    risk 0.03cvss epss 0.06

    sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.