VYPR

CVEs

344,969 total · page 6283 of 6,900

  • CVE-2008-2532Jun 3, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2533Jun 3, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c)…

  • CVE-2008-2534Jun 3, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter.

  • CVE-2008-2535Jun 3, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in…

  • CVE-2008-2536Jun 3, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.

  • CVE-2008-2537Jun 3, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2008-2538Jun 3, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.

  • CVE-2008-2539Jun 3, 2008
    risk 0.00cvss epss 0.00

    The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors.

  • CVE-2008-2540Jun 3, 2008
    risk 0.01cvss epss 0.08

    Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X,…

  • CVE-2008-2516Jun 3, 2008
    risk 0.00cvss epss 0.00

    pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated…

  • CVE-2008-2517Jun 3, 2008
    risk 0.00cvss epss 0.00

    The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2008-2518Jun 3, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related…

  • CVE-2008-2519Jun 3, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by…

  • CVE-2008-1027Jun 2, 2008
    risk 0.00cvss epss 0.02

    Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.

  • CVE-2008-1028Jun 2, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.

  • CVE-2008-1030Jun 2, 2008
    risk 0.00cvss epss 0.05

    Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based…

  • CVE-2008-1031Jun 2, 2008
    risk 0.00cvss epss 0.06

    CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.

  • CVE-2008-1032Jun 2, 2008
    risk 0.00cvss epss 0.04

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a…

  • CVE-2008-1033Jun 2, 2008
    risk 0.00cvss epss 0.02

    The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

  • CVE-2008-1034Jun 2, 2008
    risk 0.01cvss epss 0.08

    Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.

  • CVE-2008-1036Jun 2, 2008
    risk 0.00cvss epss 0.03

    The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct…

  • CVE-2008-1571Jun 2, 2008
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

  • CVE-2008-1572Jun 2, 2008
    risk 0.00cvss epss 0.00

    Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.

  • CVE-2008-1573Jun 2, 2008
    risk 0.00cvss epss 0.02

    The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.

  • CVE-2008-1574Jun 2, 2008
    risk 0.01cvss epss 0.07

    Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.

  • CVE-2008-1575Jun 2, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.

  • CVE-2008-1576Jun 2, 2008
    risk 0.00cvss epss 0.04

    Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in…

  • CVE-2008-1577Jun 2, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."

  • CVE-2008-1578Jun 2, 2008
    risk 0.00cvss epss 0.00

    The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2008-1579Jun 2, 2008
    risk 0.00cvss epss 0.03

    Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

  • CVE-2008-1580Jun 2, 2008
    risk 0.00cvss epss 0.01

    CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use…

  • CVE-2008-2098Jun 2, 2008
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used,…

  • CVE-2008-2099Jun 2, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

  • CVE-2008-2359Jun 2, 2008
    risk 0.00cvss epss 0.00

    The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration.

  • CVE-2008-2363Jun 2, 2008
    risk 0.00cvss epss 0.06

    The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based…

  • CVE-2008-2426Jun 2, 2008
    risk 0.00cvss epss 0.06

    Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in…

  • CVE-2008-2511Jun 2, 2008
    risk 0.04cvss epss 0.10

    Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the…

  • CVE-2008-2512Jun 2, 2008
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2008-2513Jun 2, 2008
    risk 0.00cvss epss 0.00

    Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.

  • CVE-2008-2514Jun 2, 2008
    risk 0.00cvss epss 0.00

    Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.

  • CVE-2008-2515Jun 2, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."

  • CVE-2008-2501May 29, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.

  • CVE-2008-2502May 29, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the web server in eMule X-Ray before 1.4 allows remote attackers to trigger memory corruption via unknown attack vectors.

  • CVE-2008-2503May 29, 2008
    risk 0.00cvss epss 0.01

    Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown impact and remote attack vectors.

  • CVE-2008-2504May 29, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php.

  • CVE-2008-2505May 29, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

  • CVE-2008-2506May 29, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php.

  • CVE-2008-2507May 29, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear Software Calcium 3.10 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the CalendarName parameter in a ShowIt action.

  • CVE-2008-2508May 29, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.

  • CVE-2008-2509May 29, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter.