VYPR

CVEs

344,960 total · page 6296 of 6,900

  • CVE-2008-1816Apr 16, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the…

  • CVE-2008-1817Apr 16, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous…

  • CVE-2008-1818Apr 16, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.

  • CVE-2008-1819Apr 16, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.

  • CVE-2008-1820Apr 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has…

  • CVE-2008-1821Apr 16, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has…

  • CVE-2008-1822Apr 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.

  • CVE-2008-1823Apr 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01.

  • CVE-2008-1824Apr 16, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02.

  • CVE-2008-1825Apr 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.

  • CVE-2008-1826Apr 16, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.

  • CVE-2008-1827Apr 16, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and…

  • CVE-2008-1828Apr 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01.

  • CVE-2008-1829Apr 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02.

  • CVE-2008-1830Apr 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03.

  • CVE-2008-1831Apr 16, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06.

  • CVE-2008-1787Apr 15, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-1788Apr 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-1789Apr 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.

  • CVE-2008-1790Apr 15, 2008
    risk 0.03cvss epss 0.01

    Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.

  • CVE-2008-1791Apr 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.

  • CVE-2008-1792Apr 15, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-1793Apr 15, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of…

  • CVE-2008-1794Apr 15, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-1795Apr 15, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to…

  • CVE-2008-1796Apr 15, 2008
    risk 0.00cvss epss 0.00

    Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.

  • CVE-2008-1797Apr 15, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.

  • CVE-2008-1798Apr 15, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.

  • CVE-2008-1799Apr 15, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.

  • CVE-2008-1800Apr 15, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this…

  • CVE-2008-1782Apr 15, 2008
    risk 0.03cvss epss 0.02

    phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter.

  • CVE-2008-1783Apr 15, 2008
    risk 0.03cvss epss 0.02

    Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.

  • CVE-2008-1784Apr 15, 2008
    risk 0.03cvss epss 0.03

    Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.

  • CVE-2008-1785Apr 15, 2008
    risk 0.03cvss epss 0.02

    delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.

  • CVE-2008-0927Apr 14, 2008
    risk 0.09cvss epss 0.70

    dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be…

  • CVE-2008-0961CriApr 14, 2008
    risk 0.64cvss 9.8epss 0.05

    EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.

  • CVE-2008-0962Apr 14, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface.

  • CVE-2008-0963Apr 14, 2008
    risk 0.00cvss epss 0.03

    Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface.

  • CVE-2008-1100Apr 14, 2008
    risk 0.01cvss epss 0.11

    Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.

  • CVE-2008-1382Apr 14, 2008
    risk 0.00cvss epss 0.06

    libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of…

  • CVE-2008-1772Apr 14, 2008
    risk 0.03cvss epss 0.02

    iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.

  • CVE-2008-1773Apr 14, 2008
    risk 0.05cvss epss 0.24

    PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

  • CVE-2008-1774Apr 14, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-1775Apr 14, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2008-1776Apr 14, 2008
    risk 0.05cvss epss 0.24

    PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.

  • CVE-2008-1777Apr 14, 2008
    risk 0.00cvss epss 0.02

    The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.

  • CVE-2008-1778Apr 14, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.

  • CVE-2008-1779Apr 14, 2008
    risk 0.00cvss epss 0.02

    Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.

  • CVE-2008-1780Apr 14, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.

  • CVE-2008-1757Apr 12, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.