VYPR

CVEs

344,960 total · page 6292 of 6,900

  • CVE-2008-1103Apr 28, 2008
    risk 0.00cvss epss 0.00

    Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."

  • CVE-2008-1930Apr 28, 2008
    risk 0.00cvss epss 0.05

    The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering…

  • CVE-2008-1996Apr 28, 2008
    risk 0.04cvss epss 0.11

    licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.

  • CVE-2008-1997Apr 28, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.

  • CVE-2008-1998Apr 28, 2008
    risk 0.00cvss epss 0.03

    The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

  • CVE-2008-1999Apr 28, 2008
    risk 0.00cvss epss 0.01

    Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

  • CVE-2008-2000Apr 28, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

  • CVE-2008-2001Apr 28, 2008
    risk 0.00cvss epss 0.02

    Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.

  • CVE-2008-2002Apr 28, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html,…

  • CVE-2008-2003Apr 28, 2008
    risk 0.00cvss epss 0.03

    BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3)…

  • CVE-2008-1670Apr 28, 2008
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.

  • CVE-2008-1671Apr 28, 2008
    risk 0.00cvss epss 0.01

    start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other…

  • CVE-2008-1995Apr 28, 2008
    risk 0.00cvss epss 0.02

    Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.

  • CVE-2008-1985Apr 27, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.

  • CVE-2008-1986Apr 27, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.

  • CVE-2008-1987Apr 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

  • CVE-2008-1988Apr 27, 2008
    risk 0.00cvss epss 0.03

    Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct…

  • CVE-2008-1989Apr 27, 2008
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

  • CVE-2008-1990Apr 27, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.

  • CVE-2008-1991Apr 27, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter.

  • CVE-2008-1992Apr 27, 2008
    risk 0.03cvss epss 0.03

    Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.

  • CVE-2008-1993Apr 27, 2008
    risk 0.03cvss epss 0.03

    Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files.

  • CVE-2008-1994Apr 27, 2008
    risk 0.00cvss epss 0.00

    Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns.

  • CVE-2008-1976Apr 27, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web…

  • CVE-2008-1977Apr 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.

  • CVE-2008-1978Apr 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.

  • CVE-2008-1979Apr 27, 2008
    risk 0.03cvss epss 0.04

    The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.

  • CVE-2008-1980Apr 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-1981Apr 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

  • CVE-2008-1982Apr 27, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.

  • CVE-2008-1983Apr 27, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php.

  • CVE-2008-1984Apr 27, 2008
    risk 0.00cvss epss 0.03

    The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882.

  • CVE-2008-1974Apr 27, 2008
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

  • CVE-2008-1975Apr 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.

  • CVE-2008-1966Apr 27, 2008
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2)…

  • CVE-2008-1967Apr 27, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter.

  • CVE-2008-1968Apr 27, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.

  • CVE-2008-1969Apr 27, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles…

  • CVE-2008-1970Apr 27, 2008
    risk 0.00cvss epss 0.00

    muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.

  • CVE-2008-1971Apr 27, 2008
    risk 0.03cvss epss 0.02

    phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.

  • CVE-2008-1972Apr 27, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1)…

  • CVE-2008-1973Apr 27, 2008
    risk 0.03cvss epss 0.06

    Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file.

  • CVE-2008-0712Apr 25, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might…

  • CVE-2008-1953Apr 25, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2008-1954Apr 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

  • CVE-2008-1955Apr 25, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. information.

  • CVE-2008-1956Apr 25, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to inject arbitrary web script or HTML via the wiki parameter.

  • CVE-2008-1957Apr 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.

  • CVE-2008-1958Apr 25, 2008
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.

  • CVE-2008-1959Apr 25, 2008
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message. NOTE: some of these details are obtained from third party…