VYPR

CVEs

344,969 total · page 6282 of 6,900

  • CVE-2008-2231Jun 5, 2008
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.

  • CVE-2008-2542Jun 5, 2008
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in the getline function in Ppm/ppm.C in NASA Ames Research Center BigView 1.8 allows user-assisted remote attackers to execute arbitrary code via a crafted PNM file.

  • CVE-2008-2543Jun 5, 2008
    risk 0.00cvss epss 0.04

    The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free,…

  • CVE-2008-2552Jun 5, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors.

  • CVE-2008-2553Jun 5, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.

  • CVE-2008-2551Jun 4, 2008
    risk 0.07cvss epss 0.47

    The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."

  • CVE-2008-1770Jun 4, 2008
    risk 0.04cvss epss 0.10

    CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.

  • CVE-2008-2055Jun 4, 2008
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.

  • CVE-2008-2056Jun 4, 2008
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface.

  • CVE-2008-2057Jun 4, 2008
    risk 0.00cvss epss 0.03

    The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet.

  • CVE-2008-2058Jun 4, 2008
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device.

  • CVE-2008-2059Jun 4, 2008
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.

  • CVE-2007-5604Jun 4, 2008
    risk 0.04cvss epss 0.12

    Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605,…

  • CVE-2007-5605Jun 4, 2008
    risk 0.01cvss epss 0.09

    Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604,…

  • CVE-2007-5606Jun 4, 2008
    risk 0.01cvss epss 0.13

    Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604,…

  • CVE-2007-5607Jun 4, 2008
    risk 0.04cvss epss 0.13

    Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than…

  • CVE-2007-5608Jun 4, 2008
    risk 0.00cvss epss 0.04

    The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination…

  • CVE-2007-5610Jun 4, 2008
    risk 0.04cvss epss 0.09

    The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument.

  • CVE-2008-0952Jun 4, 2008
    risk 0.03cvss epss 0.06

    The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second…

  • CVE-2008-0953Jun 4, 2008
    risk 0.04cvss epss 0.09

    The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and…

  • CVE-2008-1108Jun 4, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

  • CVE-2008-1109Jun 4, 2008
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).

  • CVE-2008-2401Jun 4, 2008
    risk 0.00cvss epss 0.02

    The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.

  • CVE-2008-2402Jun 4, 2008
    risk 0.01cvss epss 0.11

    The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

  • CVE-2008-2403Jun 4, 2008
    risk 0.02cvss epss 0.19

    Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.

  • CVE-2008-2404Jun 4, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.

  • CVE-2008-2405Jun 4, 2008
    risk 0.00cvss epss 0.03

    Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.

  • CVE-2008-2406Jun 4, 2008
    risk 0.00cvss epss 0.03

    The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.

  • CVE-2008-2541Jun 4, 2008
    risk 0.01cvss epss 0.10

    Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command;…

  • CVE-2008-2550Jun 4, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header.

  • CVE-2008-1661Jun 4, 2008
    risk 0.09cvss epss 0.69

    Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.

  • CVE-2008-1947Jun 4, 2008
    risk 0.00cvss epss 0.10

    Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

  • CVE-2008-2119Jun 4, 2008
    risk 0.04cvss epss 0.07

    Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From…

  • CVE-2008-2547Jun 4, 2008
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if…

  • CVE-2008-2548Jun 4, 2008
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.

  • CVE-2008-2549Jun 4, 2008
    risk 0.06cvss epss 0.41

    Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.

  • CVE-2008-1035Jun 3, 2008
    risk 0.04cvss epss 0.10

    Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource…

  • CVE-2008-0169Jun 3, 2008
    risk 0.00cvss epss 0.02

    Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the…

  • CVE-2008-2520Jun 3, 2008
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b)…

  • CVE-2008-2521Jun 3, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter.

  • CVE-2008-2522Jun 3, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.

  • CVE-2008-2523Jun 3, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-2524Jun 3, 2008
    risk 0.00cvss epss 0.01

    BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.

  • CVE-2008-2525Jun 3, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2526Jun 3, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2527Jun 3, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to inject arbitrary web…

  • CVE-2008-2528Jun 3, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors.

  • CVE-2008-2529Jun 3, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter.

  • CVE-2008-2530Jun 3, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to…

  • CVE-2008-2531Jun 3, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.