VYPR

CVEs

344,960 total · page 6294 of 6,900

  • CVE-2008-1908Apr 22, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in…

  • CVE-2008-1909Apr 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2008-1910Apr 22, 2008
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244.

  • CVE-2008-1911Apr 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.

  • CVE-2008-1912Apr 22, 2008
    risk 0.04cvss epss 0.12

    Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.

  • CVE-2008-1913Apr 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action.

  • CVE-2008-1914Apr 22, 2008
    risk 0.09cvss epss 0.74

    Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.

  • CVE-2008-1436Apr 21, 2008
    risk 0.06cvss epss 0.37

    Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource…

  • CVE-2008-1898Apr 21, 2008
    risk 0.07cvss epss 0.52

    A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which…

  • CVE-2008-0165Apr 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

  • CVE-2008-1889Apr 18, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-1890Apr 18, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-1891Apr 18, 2008
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1)…

  • CVE-2008-1892Apr 18, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-script 0.95 and 1.01 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-1893Apr 18, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter.

  • CVE-2008-1894Apr 18, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.

  • CVE-2008-1895Apr 18, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3)…

  • CVE-2008-1896Apr 18, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.

  • CVE-2008-1888Apr 18, 2008
    risk 0.04cvss epss 0.08

    Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.

  • CVE-2008-1887Apr 18, 2008
    risk 0.01cvss epss 0.06

    Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers…

  • CVE-2008-1693Apr 18, 2008
    risk 0.00cvss epss 0.05

    The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted…

  • CVE-2008-1734Apr 18, 2008
    risk 0.00cvss epss 0.00

    Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain…

  • CVE-2008-1883Apr 18, 2008
    risk 0.00cvss epss 0.01

    The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5…

  • CVE-2008-1884Apr 18, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418.

  • CVE-2008-1885Apr 18, 2008
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin…

  • CVE-2008-1886Apr 18, 2008
    risk 0.04cvss epss 0.07

    The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. …

  • CVE-2008-1881Apr 17, 2008
    risk 0.04cvss epss 0.12

    Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.

  • CVE-2007-6714Apr 17, 2008
    risk 0.00cvss epss 0.02

    DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

  • CVE-2007-6715Apr 17, 2008
    risk 0.00cvss epss 0.01

    Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.

  • CVE-2008-1878Apr 17, 2008
    risk 0.04cvss epss 0.15

    Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.

  • CVE-2007-5745Apr 17, 2008
    risk 0.00cvss epss 0.04

    Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.

  • CVE-2007-5746Apr 17, 2008
    risk 0.00cvss epss 0.05

    Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow.

  • CVE-2007-5747Apr 17, 2008
    risk 0.00cvss epss 0.04

    Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.

  • CVE-2008-0320Apr 17, 2008
    risk 0.08cvss epss 0.57

    Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.

  • CVE-2008-1024Apr 17, 2008
    risk 0.00cvss epss 0.04

    Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.

  • CVE-2008-1025Apr 17, 2008
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

  • CVE-2008-1026Apr 17, 2008
    risk 0.00cvss epss 0.05

    Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a…

  • CVE-2008-1380Apr 17, 2008
    risk 0.00cvss epss 0.03

    The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an…

  • CVE-2008-1860Apr 17, 2008
    risk 0.03cvss epss 0.03

    Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.

  • CVE-2008-1861Apr 17, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the…

  • CVE-2008-1862Apr 17, 2008
    risk 0.03cvss epss 0.03

    ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct…

  • CVE-2008-1863Apr 17, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-1864Apr 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.

  • CVE-2008-1865Apr 17, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the msx_readnode function in libmosix.c in openmosix-tools (aka userspace-tools) in openMosix might allow local users to cause a denial of service (application crash) via a third-party program that calls this function with a long item argument. …

  • CVE-2008-1866Apr 17, 2008
    risk 0.03cvss epss 0.05

    admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for…

  • CVE-2008-1867Apr 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.

  • CVE-2008-1868Apr 17, 2008
    risk 0.03cvss epss 0.03

    admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.

  • CVE-2008-1869Apr 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific.

  • CVE-2008-1870Apr 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-1871Apr 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.