VYPR

CVEs

344,960 total · page 6289 of 6,900

  • CVE-2008-0713May 13, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.

  • CVE-2008-2166May 13, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.

  • CVE-2008-2167May 13, 2008
    risk 0.04cvss epss 0.17

    Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.

  • CVE-2008-0166HigMay 13, 2008
    risk 0.57cvss 7.5epss 0.71

    OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

  • CVE-2008-2163May 13, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors."

  • CVE-2008-1803May 12, 2008
    risk 0.01cvss epss 0.07

    Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original…

  • CVE-2008-2004May 12, 2008
    risk 0.00cvss epss 0.01

    The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

  • CVE-2008-2159May 12, 2008
    risk 0.00cvss epss 0.02

    Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.

  • CVE-2008-2160May 12, 2008
    risk 0.01cvss epss 0.18

    Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.

  • CVE-2008-2161May 12, 2008
    risk 0.08cvss epss 0.65

    Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.

  • CVE-2008-2162May 12, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.

  • CVE-2008-2148May 12, 2008
    risk 0.00cvss epss 0.00

    The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to…

  • CVE-2008-2149May 12, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is…

  • CVE-2008-2146May 12, 2008
    risk 0.00cvss epss 0.03

    wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

  • CVE-2008-2147May 12, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.

  • CVE-2008-2142May 12, 2008
    risk 0.00cvss epss 0.04

    Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

  • CVE-2008-2143May 12, 2008
    risk 0.00cvss epss 0.02

    Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.

  • CVE-2008-2144May 12, 2008
    risk 0.01cvss epss 0.16

    Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.

  • CVE-2008-2145May 12, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog.

  • CVE-2008-2139May 12, 2008
    risk 0.00cvss epss 0.00

    The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain…

  • CVE-2008-2140May 12, 2008
    risk 0.00cvss epss 0.00

    Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.

  • CVE-2008-1677May 12, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a…

  • CVE-2008-1801May 12, 2008
    risk 0.04cvss epss 0.13

    Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.

  • CVE-2008-1802May 12, 2008
    risk 0.04cvss epss 0.13

    Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.

  • CVE-2008-1880May 12, 2008
    risk 0.00cvss epss 0.02

    The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.

  • CVE-2008-2070May 12, 2008
    risk 0.03cvss epss 0.02

    The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase,…

  • CVE-2008-2071May 12, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other…

  • CVE-2008-2085May 12, 2008
    risk 0.00cvss epss 0.05

    Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message.

  • CVE-2008-2138May 12, 2008
    risk 0.04cvss epss 0.16

    Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that…

  • CVE-2008-2123May 9, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a…

  • CVE-2008-2124May 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.

  • CVE-2008-2125May 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.

  • CVE-2008-2126May 9, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php.

  • CVE-2008-2127May 9, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-2128May 9, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185.

  • CVE-2008-2129May 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2008-2130May 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2131May 9, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows remote authenticated users to inject arbitrary web script or HTML via the topic field, which is later displayed by user/viewthread.jsp through use of the "quick reply button."

  • CVE-2008-2132May 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter.

  • CVE-2008-2133May 9, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demonstrated by a CSS property in the STYLE attribute of a DIV element, a different…

  • CVE-2008-2134May 9, 2008
    risk 0.00cvss epss 0.01

    The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie.

  • CVE-2008-2135May 9, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php.

  • CVE-2008-2120May 9, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.

  • CVE-2008-2121May 9, 2008
    risk 0.00cvss epss 0.03

    The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack.

  • CVE-2008-2122HigMay 9, 2008
    risk 0.49cvss 7.5epss 0.02

    IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets.

  • CVE-2008-2113May 8, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

  • CVE-2008-2114May 8, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.

  • CVE-2008-2115May 8, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action.

  • CVE-2008-2116May 8, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.

  • CVE-2008-2117May 8, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126.