VYPR

CVEs

344,930 total · page 6315 of 6,899

  • CVE-2008-0757Feb 13, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter (aka the message text area), which leads to an injection in the messenger during private message (PM) preview.…

  • CVE-2008-0758Feb 13, 2008
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot…

  • CVE-2008-0759Feb 13, 2008
    risk 0.00cvss epss 0.02

    ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.

  • CVE-2008-0760Feb 13, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an…

  • CVE-2008-0761Feb 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action.

  • CVE-2008-0762Feb 13, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.

  • CVE-2008-0763Feb 13, 2008
    risk 0.04cvss epss 0.08

    Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114.

  • CVE-2008-0764Feb 13, 2008
    risk 0.04cvss epss 0.07

    Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.

  • CVE-2008-0765Feb 13, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdesign weblog allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to artmedic_print.php and the (2) jahrneu parameter to index.php.

  • CVE-2008-0766Feb 13, 2008
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a "Receive data file" LPD command. NOTE: some of these details are…

  • CVE-2008-0767Feb 13, 2008
    risk 0.04cvss epss 0.08

    ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a…

  • CVE-2008-0745Feb 13, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-0746Feb 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2008-0747Feb 13, 2008
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.

  • CVE-2008-0748Feb 13, 2008
    risk 0.04cvss epss 0.16

    Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these…

  • CVE-2008-0749Feb 13, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.

  • CVE-2008-0750Feb 13, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

  • CVE-2008-0751Feb 13, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.

  • CVE-2008-0752Feb 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.

  • CVE-2008-0753Feb 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.

  • CVE-2008-0754Feb 13, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a…

  • CVE-2008-0755Feb 13, 2008
    risk 0.03cvss epss 0.05

    Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might…

  • CVE-2008-0756Feb 13, 2008
    risk 0.03cvss epss 0.03

    The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a…

  • CVE-2008-0742Feb 13, 2008
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e)…

  • CVE-2008-0743Feb 13, 2008
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.

  • CVE-2008-0744Feb 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page.

  • CVE-2008-0733Feb 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page.

  • CVE-2008-0734Feb 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.

  • CVE-2008-0735Feb 13, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.

  • CVE-2008-0736Feb 13, 2008
    risk 0.03cvss epss 0.03

    admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.

  • CVE-2008-0737Feb 13, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.

  • CVE-2008-0738Feb 13, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to…

  • CVE-2008-0739Feb 13, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.

  • CVE-2008-0740Feb 13, 2008
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file.

  • CVE-2008-0741Feb 13, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.

  • CVE-2007-3676Feb 13, 2008
    risk 0.00cvss epss 0.04

    IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests,…

  • CVE-2007-5757Feb 13, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the…

  • CVE-2008-0103Feb 13, 2008
    risk 0.02cvss epss 0.30

    Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office…

  • CVE-2007-0065Feb 12, 2008
    risk 0.03cvss epss 0.43

    Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

  • CVE-2007-0216Feb 12, 2008
    risk 0.06cvss epss 0.38

    wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation…

  • CVE-2008-0076Feb 12, 2008
    risk 0.02cvss epss 0.29

    Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

  • CVE-2008-0077HigFeb 12, 2008
    risk 0.60cvss 8.8epss 0.37

    Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory…

  • CVE-2008-0078Feb 12, 2008
    risk 0.02cvss epss 0.29

    Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

  • CVE-2008-0080Feb 12, 2008
    risk 0.03cvss epss 0.41

    Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.

  • CVE-2008-0102Feb 12, 2008
    risk 0.03cvss epss 0.37

    Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."

  • CVE-2008-0104Feb 12, 2008
    risk 0.02cvss epss 0.29

    Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."

  • CVE-2008-0105Feb 12, 2008
    risk 0.07cvss epss 0.44

    Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table…

  • CVE-2008-0108Feb 12, 2008
    risk 0.07cvss epss 0.53

    Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter…

  • CVE-2008-0109Feb 12, 2008
    risk 0.02cvss epss 0.31

    Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.

  • CVE-2008-0009Feb 12, 2008
    risk 0.03cvss epss 0.01

    The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.