VYPR

CVEs

344,960 total · page 6297 of 6,900

  • CVE-2008-1758Apr 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.

  • CVE-2008-1759Apr 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.

  • CVE-2008-1760Apr 12, 2008
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.

  • CVE-2008-1761Apr 12, 2008
    risk 0.01cvss epss 0.08

    Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.

  • CVE-2008-1762Apr 12, 2008
    risk 0.04cvss epss 0.08

    Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.

  • CVE-2008-1763Apr 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.

  • CVE-2008-1764Apr 12, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."

  • CVE-2008-1766Apr 12, 2008
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."

  • CVE-2007-6712Apr 12, 2008
    risk 0.00cvss epss 0.00

    Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.

  • CVE-2008-1750Apr 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.

  • CVE-2008-1751Apr 11, 2008
    risk 0.03cvss epss 0.04

    Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters.

  • CVE-2008-1752Apr 11, 2008
    risk 0.00cvss epss 0.01

    ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information.

  • CVE-2008-1753Apr 11, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.

  • CVE-2008-1754Apr 11, 2008
    risk 0.00cvss epss 0.00

    Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.

  • CVE-2008-1755Apr 11, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.

  • CVE-2008-1756Apr 11, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors.

  • CVE-2008-1724Apr 11, 2008
    risk 0.06cvss epss 0.35

    Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile…

  • CVE-2008-1725Apr 11, 2008
    risk 0.03cvss epss 0.03

    The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE:…

  • CVE-2008-1726Apr 11, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c)…

  • CVE-2008-1727Apr 11, 2008
    risk 0.04cvss epss 0.07

    KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts.

  • CVE-2008-1728Apr 11, 2008
    risk 0.00cvss epss 0.02

    ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.

  • CVE-2008-1729Apr 11, 2008
    risk 0.00cvss epss 0.02

    The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content"…

  • CVE-2008-1730Apr 11, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.

  • CVE-2008-1731Apr 11, 2008
    risk 0.00cvss epss 0.02

    The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction…

  • CVE-2008-1732Apr 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.

  • CVE-2008-1733Apr 11, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.

  • CVE-2008-1658Apr 11, 2008
    risk 0.00cvss epss 0.01

    Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.

  • CVE-2008-1703Apr 11, 2008
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.

  • CVE-2008-1704Apr 11, 2008
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.

  • CVE-2008-1719Apr 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document.

  • CVE-2008-1720Apr 10, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2008-1721Apr 10, 2008
    risk 0.00cvss epss 0.23

    Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

  • CVE-2008-1722Apr 10, 2008
    risk 0.00cvss epss 0.02

    Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.

  • CVE-2007-5399Apr 10, 2008
    risk 0.00cvss epss 0.06

    Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8)…

  • CVE-2007-5405Apr 10, 2008
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with…

  • CVE-2007-5406Apr 10, 2008
    risk 0.00cvss epss 0.03

    kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service…

  • CVE-2007-6020Apr 10, 2008
    risk 0.00cvss epss 0.06

    Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long…

  • CVE-2008-0066Apr 10, 2008
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2)…

  • CVE-2008-1101Apr 10, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG…

  • CVE-2008-1718Apr 10, 2008
    risk 0.00cvss epss 0.03

    Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment.

  • CVE-2007-0071Apr 9, 2008
    risk 0.07cvss epss 0.93

    Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and…

  • CVE-2007-6019Apr 9, 2008
    risk 0.08cvss epss 0.60

    Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

  • CVE-2008-1655Apr 9, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

  • CVE-2008-1712Apr 9, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

  • CVE-2008-1713Apr 9, 2008
    risk 0.03cvss epss 0.03

    MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp).

  • CVE-2008-1714Apr 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-1715Apr 9, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.

  • CVE-2008-1716Apr 9, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back…

  • CVE-2008-1717Apr 9, 2008
    risk 0.00cvss epss 0.01

    WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.

  • CVE-2008-1656Apr 9, 2008
    risk 0.00cvss epss 0.03

    Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.