VYPR

CVEs

344,930 total · page 6310 of 6,899

  • CVE-2008-1110Feb 29, 2008
    risk 0.04cvss epss 0.10

    Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an…

  • CVE-2008-1095Feb 29, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.

  • CVE-2008-0303Feb 29, 2008
    risk 0.00cvss epss 0.02

    The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

  • CVE-2008-1078Feb 29, 2008
    risk 0.00cvss epss 0.01

    expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.

  • CVE-2008-1080Feb 29, 2008
    risk 0.00cvss epss 0.02

    Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.

  • CVE-2008-1081Feb 29, 2008
    risk 0.00cvss epss 0.03

    Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.

  • CVE-2008-1082Feb 29, 2008
    risk 0.00cvss epss 0.02

    Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.

  • CVE-2008-1073Feb 29, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-1074Feb 29, 2008
    risk 0.06cvss epss 0.34

    PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.

  • CVE-2008-1075Feb 29, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-1076Feb 29, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-1077Feb 29, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.

  • CVE-2008-1070Feb 28, 2008
    risk 0.00cvss epss 0.02

    The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.

  • CVE-2008-1071Feb 28, 2008
    risk 0.00cvss epss 0.02

    The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.

  • CVE-2008-1072Feb 28, 2008
    risk 0.00cvss epss 0.01

    The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.

  • CVE-2008-0411Feb 28, 2008
    risk 0.04cvss epss 0.14

    Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

  • CVE-2008-1067Feb 28, 2008
    risk 0.05cvss epss 0.20

    Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.

  • CVE-2008-1068Feb 28, 2008
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors…

  • CVE-2008-1069Feb 28, 2008
    risk 0.05cvss epss 0.27

    Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php.

  • CVE-2007-5397Feb 28, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size…

  • CVE-2008-0124Feb 28, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as…

  • CVE-2008-0308Feb 28, 2008
    risk 0.00cvss epss 0.03

    Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation…

  • CVE-2008-0309Feb 28, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a…

  • CVE-2008-1063Feb 28, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

  • CVE-2008-1064Feb 28, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter.

  • CVE-2008-1065Feb 28, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details…

  • CVE-2008-1066Feb 28, 2008
    risk 0.00cvss epss 0.02

    The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.

  • CVE-2008-1056Feb 28, 2008
    risk 0.00cvss epss 0.00

    Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that…

  • CVE-2008-1057Feb 28, 2008
    risk 0.00cvss epss 0.02

    The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.

  • CVE-2008-1058Feb 28, 2008
    risk 0.00cvss epss 0.02

    The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information.

  • CVE-2008-1059Feb 28, 2008
    risk 0.07cvss epss 0.48

    PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.

  • CVE-2008-1060Feb 28, 2008
    risk 0.07cvss epss 0.44

    Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.

  • CVE-2008-1061Feb 28, 2008
    risk 0.04cvss epss 0.07

    Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly…

  • CVE-2008-1062Feb 28, 2008
    risk 0.00cvss epss 0.01

    InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the…

  • CVE-2008-1037Feb 27, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which…

  • CVE-2008-1038Feb 27, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter.

  • CVE-2008-1039Feb 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.

  • CVE-2008-1040Feb 27, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.

  • CVE-2008-1041Feb 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.

  • CVE-2008-1042Feb 27, 2008
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter.

  • CVE-2008-1043Feb 27, 2008
    risk 0.07cvss epss 0.49

    PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.

  • CVE-2008-1044Feb 27, 2008
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument…

  • CVE-2008-1045Feb 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.

  • CVE-2008-1046Feb 27, 2008
    risk 0.05cvss epss 0.20

    PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.

  • CVE-2008-1047Feb 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-1048Feb 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

  • CVE-2008-1049Feb 27, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.

  • CVE-2008-1050Feb 27, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

  • CVE-2008-1051Feb 27, 2008
    risk 0.05cvss epss 0.20

    PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.

  • CVE-2008-1052Feb 27, 2008
    risk 0.04cvss epss 0.07

    The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.