VYPR

CVEs

344,950 total · page 6299 of 6,899

  • CVE-2008-1022Apr 4, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.

  • CVE-2008-1023Apr 4, 2008
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.

  • CVE-2007-5661Apr 4, 2008
    risk 0.00cvss epss 0.02

    The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

  • CVE-2008-0555Apr 4, 2008
    risk 0.00cvss epss 0.02

    The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers…

  • CVE-2008-0884Apr 4, 2008
    risk 0.00cvss epss 0.00

    The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a…

  • CVE-2008-1373Apr 4, 2008
    risk 0.00cvss epss 0.02

    Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

  • CVE-2008-1374Apr 4, 2008
    risk 0.00cvss epss 0.04

    Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.

  • CVE-2008-1680Apr 4, 2008
    risk 0.03cvss epss 0.02

    PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.

  • CVE-2008-1331Apr 2, 2008
    risk 0.04cvss epss 0.09

    cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.

  • CVE-2008-1654Apr 2, 2008
    risk 0.00cvss epss 0.05

    Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated…

  • CVE-2008-1657Apr 2, 2008
    risk 0.00cvss epss 0.02

    OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

  • CVE-2008-0069Apr 2, 2008
    risk 0.04cvss epss 0.08

    Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.

  • CVE-2008-1620Apr 2, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename.

  • CVE-2008-1621Apr 2, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-1622Apr 2, 2008
    risk 0.00cvss epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-1623Apr 2, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-1624Apr 2, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter.

  • CVE-2008-1625Apr 2, 2008
    risk 0.03cvss epss 0.01

    aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.

  • CVE-2008-1626Apr 2, 2008
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.

  • CVE-2008-1627Apr 2, 2008
    risk 0.00cvss epss 0.01

    CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.

  • CVE-2008-1628Apr 2, 2008
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.

  • CVE-2008-1629Apr 2, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-1630Apr 2, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5)…

  • CVE-2008-1631Apr 2, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.

  • CVE-2008-1632Apr 2, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to…

  • CVE-2008-1633Apr 2, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.

  • CVE-2008-1634Apr 2, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-1635Apr 2, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.

  • CVE-2008-1636Apr 2, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-1637Apr 2, 2008
    risk 0.00cvss epss 0.04

    PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external…

  • CVE-2008-1638Apr 2, 2008
    risk 0.00cvss epss 0.00

    Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.

  • CVE-2008-1639Apr 2, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.

  • CVE-2008-1640Apr 2, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.

  • CVE-2008-1641Apr 2, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.

  • CVE-2008-1642Apr 2, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-1643Apr 2, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2008-1644Apr 2, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-1645Apr 2, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.

  • CVE-2008-1646Apr 2, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.

  • CVE-2008-1647Apr 2, 2008
    risk 0.04cvss epss 0.07

    The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these…

  • CVE-2008-1648Apr 2, 2008
    risk 0.00cvss epss 0.02

    Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.

  • CVE-2008-1649Apr 2, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.

  • CVE-2008-1650Apr 2, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.

  • CVE-2008-1651Apr 2, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2008-1652Apr 2, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an…

  • CVE-2008-1653Apr 2, 2008
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-1614Apr 2, 2008
    risk 0.00cvss epss 0.00

    suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.

  • CVE-2008-1619Apr 2, 2008
    risk 0.00cvss epss 0.01

    The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.

  • CVE-2008-1515Apr 1, 2008
    risk 0.00cvss epss 0.02

    The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."

  • CVE-2008-1612Apr 1, 2008
    risk 0.00cvss epss 0.02

    The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for…