VYPR

CVEs

344,978 total · page 6271 of 6,900

  • CVE-2008-2304Jul 14, 2008
    risk 0.03cvss epss 0.06

    Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains…

  • CVE-2008-2317Jul 14, 2008
    risk 0.01cvss epss 0.08

    WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a…

  • CVE-2008-2318Jul 14, 2008
    risk 0.00cvss epss 0.01

    The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.

  • CVE-2008-3159Jul 14, 2008
    risk 0.01cvss epss 0.09

    Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."

  • CVE-2008-3160Jul 14, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors.

  • CVE-2008-3161Jul 14, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP…

  • CVE-2008-3151Jul 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.

  • CVE-2008-3152Jul 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.

  • CVE-2008-3153Jul 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

  • CVE-2008-3154Jul 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.

  • CVE-2008-3155Jul 11, 2008
    risk 0.04cvss epss 0.08

    Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.

  • CVE-2008-3156Jul 11, 2008
    risk 0.03cvss epss 0.04

    The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.

  • CVE-2008-3157Jul 11, 2008
    risk 0.00cvss epss 0.01

    Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions.

  • CVE-2008-3158Jul 11, 2008
    risk 0.03cvss epss 0.05

    Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.

  • CVE-2008-3147Jul 11, 2008
    risk 0.00cvss epss 0.00

    WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which…

  • CVE-2008-3148Jul 11, 2008
    risk 0.03cvss epss 0.03

    Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f allows user-assisted attackers to execute arbitrary code via a crafted DLL file that contains a long string.

  • CVE-2008-3149Jul 11, 2008
    risk 0.00cvss epss 0.02

    The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB.

  • CVE-2008-3150Jul 11, 2008
    risk 0.04cvss epss 0.06

    Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an…

  • CVE-2008-3127Jul 10, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.

  • CVE-2008-3128Jul 10, 2008
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.

  • CVE-2008-3129Jul 10, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.

  • CVE-2008-3130Jul 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2008-3131Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.

  • CVE-2008-3132Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.

  • CVE-2008-3133Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter.

  • CVE-2008-3134Jul 10, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and…

  • CVE-2008-3135Jul 10, 2008
    risk 0.00cvss epss 0.02

    Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block.

  • CVE-2008-3136Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2008-3137Jul 10, 2008
    risk 0.00cvss epss 0.02

    The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

  • CVE-2008-3138Jul 10, 2008
    risk 0.00cvss epss 0.02

    The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.

  • CVE-2008-3139Jul 10, 2008
    risk 0.00cvss epss 0.03

    The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.

  • CVE-2008-3140Jul 10, 2008
    risk 0.03cvss epss 0.05

    The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."

  • CVE-2008-3141Jul 10, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.

  • CVE-2008-3119Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.

  • CVE-2008-3121Jul 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3122Jul 10, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors.

  • CVE-2008-3123Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.

  • CVE-2008-3124Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.

  • CVE-2008-3125Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-3126Jul 10, 2008
    risk 0.00cvss epss 0.02

    Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL.

  • CVE-2008-1678Jul 10, 2008
    risk 0.00cvss epss 0.05

    Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP…

  • CVE-2008-3116Jul 10, 2008
    risk 0.03cvss epss 0.06

    Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.

  • CVE-2008-3117Jul 10, 2008
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct…

  • CVE-2008-3118Jul 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.

  • CVE-2008-3103Jul 9, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform…

  • CVE-2008-3104Jul 9, 2008
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an…

  • CVE-2008-3105Jul 9, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted…

  • CVE-2008-3106Jul 9, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2)…

  • CVE-2008-3107Jul 9, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application…

  • CVE-2008-3108Jul 9, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.