VYPR

CVEs

344,930 total · page 6308 of 6,899

  • CVE-2008-1207Mar 8, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered…

  • CVE-2008-1208Mar 8, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.

  • CVE-2008-1209Mar 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-1210Mar 8, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog. …

  • CVE-2008-1211Mar 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter in calendar.php and (2) the category parameter in calendar_search.php. NOTE: the provenance of this information is unknown;…

  • CVE-2008-1212Mar 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in set_permissions.php in Podcast Generator 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the scriptlang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2008-1213Mar 8, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2008-1214Mar 8, 2008
    risk 0.00cvss epss 0.03

    MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-1185Mar 6, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different…

  • CVE-2008-1186Mar 6, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185,…

  • CVE-2008-1187Mar 6, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors…

  • CVE-2008-1188Mar 6, 2008
    risk 0.01cvss epss 0.12

    Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset…

  • CVE-2008-1189Mar 6, 2008
    risk 0.01cvss epss 0.07

    Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.

  • CVE-2008-1190Mar 6, 2008
    risk 0.01cvss epss 0.17

    Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth"…

  • CVE-2008-1191Mar 6, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."

  • CVE-2008-1192Mar 6, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via…

  • CVE-2008-1193Mar 6, 2008
    risk 0.04cvss epss 0.13

    Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.

  • CVE-2008-1194Mar 6, 2008
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.

  • CVE-2008-1195Mar 6, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to…

  • CVE-2008-1196Mar 6, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.

  • CVE-2008-1198Mar 6, 2008
    risk 0.00cvss epss 0.02

    The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

  • CVE-2008-1199Mar 6, 2008
    risk 0.00cvss epss 0.00

    Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

  • CVE-2008-1200Mar 6, 2008
    risk 0.01cvss epss 0.12

    Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.

  • CVE-2008-0072Mar 6, 2008
    risk 0.00cvss epss 0.06

    Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

  • CVE-2008-0883Mar 6, 2008
    risk 0.00cvss epss 0.01

    acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

  • CVE-2008-0985Mar 6, 2008
    risk 0.03cvss epss 0.05

    Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.

  • CVE-2008-0986Mar 6, 2008
    risk 0.03cvss epss 0.05

    Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

  • CVE-2008-1172Mar 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.

  • CVE-2008-1173Mar 6, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

  • CVE-2008-1174Mar 6, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.

  • CVE-2008-1175Mar 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown;…

  • CVE-2008-1176Mar 6, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.

  • CVE-2008-1177Mar 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-1178Mar 6, 2008
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.

  • CVE-2008-1179Mar 6, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained…

  • CVE-2008-1180Mar 6, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.

  • CVE-2008-1181Mar 6, 2008
    risk 0.03cvss epss 0.02

    Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message.

  • CVE-2008-1182Mar 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-1183Mar 6, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the…

  • CVE-2008-1184Mar 6, 2008
    risk 0.00cvss epss 0.01

    The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.

  • CVE-2007-6704Mar 5, 2008
    risk 0.03cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2)…

  • CVE-2008-1162Mar 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.

  • CVE-2008-1163Mar 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.

  • CVE-2008-1164Mar 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.

  • CVE-2008-1165Mar 5, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary…

  • CVE-2008-1166Mar 5, 2008
    risk 0.00cvss epss 0.01

    Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

  • CVE-2008-1167Mar 5, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party…

  • CVE-2008-1168Mar 5, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this…

  • CVE-2008-1169Mar 5, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command.

  • CVE-2008-1170Mar 5, 2008
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.