VYPR

CVEs

344,960 total · page 6290 of 6,900

  • CVE-2008-2118May 8, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-5001May 8, 2008
    risk 0.00cvss epss 0.00

    Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.

  • CVE-2007-5498May 8, 2008
    risk 0.00cvss epss 0.00

    The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.

  • CVE-2007-6282May 8, 2008
    risk 0.00cvss epss 0.02

    The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.

  • CVE-2008-1615May 8, 2008
    risk 0.00cvss epss 0.00

    Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.

  • CVE-2008-1659May 8, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.

  • CVE-2008-1669May 8, 2008
    risk 0.00cvss epss 0.00

    Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."

  • CVE-2008-2042May 8, 2008
    risk 0.00cvss epss 0.05

    The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback…

  • CVE-2008-2112May 8, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.

  • CVE-2008-2110May 7, 2008
    risk 0.03cvss epss 0.02

    Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.

  • CVE-2008-2111May 7, 2008
    risk 0.03cvss epss 0.05

    The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.

  • CVE-2008-2107May 7, 2008
    risk 0.00cvss epss 0.03

    The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and…

  • CVE-2008-2108CriMay 7, 2008
    risk 0.64cvss 9.8epss 0.04

    The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force…

  • CVE-2008-2109May 7, 2008
    risk 0.01cvss epss 0.07

    field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.

  • CVE-2008-2103May 7, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.

  • CVE-2008-2104May 7, 2008
    risk 0.00cvss epss 0.01

    The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

  • CVE-2008-2105May 7, 2008
    risk 0.00cvss epss 0.01

    email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From…

  • CVE-2008-2106May 7, 2008
    risk 0.04cvss epss 0.08

    Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value.

  • CVE-2008-2096May 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.

  • CVE-2008-2091May 6, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter.

  • CVE-2008-2092May 6, 2008
    risk 0.03cvss epss 0.04

    Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios.

  • CVE-2008-2093May 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.

  • CVE-2008-2094May 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-2095May 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

  • CVE-2008-2005May 6, 2008
    risk 0.04cvss epss 0.16

    The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length…

  • CVE-2008-2080May 6, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.

  • CVE-2008-2087May 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.

  • CVE-2008-2088May 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.

  • CVE-2008-2089May 6, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.

  • CVE-2008-2090May 6, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.

  • CVE-2008-0599CriMay 5, 2008
    risk 0.65cvss 9.8epss 0.11

    The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

  • CVE-2008-2050May 5, 2008
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

  • CVE-2008-2051May 5, 2008
    risk 0.00cvss epss 0.03

    The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

  • CVE-2008-2081May 5, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.

  • CVE-2008-2082May 5, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.

  • CVE-2008-2083May 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

  • CVE-2008-2084May 5, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action.

  • CVE-2008-2072May 5, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260.

  • CVE-2008-2073May 5, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.

  • CVE-2008-2074May 5, 2008
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3)…

  • CVE-2008-2075May 5, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter.

  • CVE-2008-2076May 5, 2008
    risk 0.04cvss epss 0.06

    Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter.

  • CVE-2008-2077May 5, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."

  • CVE-2008-2078May 5, 2008
    risk 0.00cvss epss 0.01

    Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue.

  • CVE-2008-2079May 5, 2008
    risk 0.00cvss epss 0.03

    MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL…

  • CVE-2008-2063May 2, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.

  • CVE-2008-2064May 2, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."

  • CVE-2008-2065May 2, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.

  • CVE-2008-2066May 2, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

  • CVE-2008-2067May 2, 2008
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.