VYPR

CVEs

344,908 total · page 6318 of 6,899

  • CVE-2008-0625Feb 6, 2008
    risk 0.04cvss epss 0.08

    Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method.

  • CVE-2008-0628Feb 6, 2008
    risk 0.00cvss epss 0.03

    The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial…

  • CVE-2008-0629Feb 6, 2008
    risk 0.00cvss epss 0.03

    Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title.

  • CVE-2008-0630Feb 6, 2008
    risk 0.00cvss epss 0.04

    Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code.

  • CVE-2008-0631Feb 6, 2008
    risk 0.03cvss epss 0.04

    Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method.

  • CVE-2008-0632Feb 6, 2008
    risk 0.04cvss epss 0.06

    Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.

  • CVE-2008-0633Feb 6, 2008
    risk 0.03cvss epss 0.02

    Buffer overflow in Anon Proxy Server 0.102 and earlier, when user authentication is enabled, allows remote attackers to cause a denial of service (exception) via a user name with a large number of quotes, which triggers the overflow during escaping.

  • CVE-2008-0634Feb 6, 2008
    risk 0.03cvss epss 0.05

    Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551.

  • CVE-2008-0635Feb 6, 2008
    risk 0.01cvss epss 0.12

    Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.

  • CVE-2008-0601Feb 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.

  • CVE-2008-0602Feb 6, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter.

  • CVE-2008-0603Feb 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.

  • CVE-2008-0604Feb 6, 2008
    risk 0.00cvss epss 0.01

    The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.

  • CVE-2008-0605Feb 6, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to…

  • CVE-2008-0606Feb 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter.

  • CVE-2008-0607Feb 6, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the…

  • CVE-2008-0608Feb 6, 2008
    risk 0.00cvss epss 0.06

    The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log…

  • CVE-2008-0609Feb 6, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

  • CVE-2008-0610Feb 6, 2008
    risk 0.06cvss epss 0.39

    Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary…

  • CVE-2008-0611Feb 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0612Feb 6, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2008-0613Feb 6, 2008
    risk 0.03cvss epss 0.02

    Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.

  • CVE-2008-0614Feb 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action.

  • CVE-2008-0615Feb 6, 2008
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.

  • CVE-2008-0616Feb 6, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.

  • CVE-2008-0617Feb 6, 2008
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3)…

  • CVE-2008-0618Feb 6, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the…

  • CVE-2008-0619Feb 6, 2008
    risk 0.04cvss epss 0.11

    Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.

  • CVE-2008-0620Feb 6, 2008
    risk 0.00cvss epss 0.03

    SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.

  • CVE-2008-0621Feb 6, 2008
    risk 0.09cvss epss 0.73

    Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.

  • CVE-2008-0622Feb 6, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the ulang parameter.

  • CVE-2008-0485Feb 5, 2008
    risk 0.04cvss epss 0.09

    Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.

  • CVE-2008-0486Feb 5, 2008
    risk 0.00cvss epss 0.05

    Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

  • CVE-2008-0590Feb 5, 2008
    risk 0.05cvss epss 0.22

    Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.

  • CVE-2007-6340Feb 5, 2008
    risk 0.00cvss epss 0.00

    Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.

  • CVE-2008-0579Feb 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.

  • CVE-2008-0580Feb 5, 2008
    risk 0.00cvss epss 0.00

    Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering.

  • CVE-2008-0581Feb 5, 2008
    risk 0.00cvss epss 0.00

    Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch.

  • CVE-2008-0582Feb 5, 2008
    risk 0.00cvss epss 0.01

    Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible…

  • CVE-2008-0583Feb 5, 2008
    risk 0.00cvss epss 0.02

    Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified…

  • CVE-2008-0584Feb 5, 2008
    risk 0.00cvss epss 0.00

    Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.

  • CVE-2008-0585Feb 5, 2008
    risk 0.00cvss epss 0.00

    sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files.

  • CVE-2008-0586Feb 5, 2008
    risk 0.00cvss epss 0.00

    Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh.

  • CVE-2008-0587Feb 5, 2008
    risk 0.00cvss epss 0.00

    Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

  • CVE-2008-0588Feb 5, 2008
    risk 0.00cvss epss 0.00

    Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

  • CVE-2008-0589Feb 5, 2008
    risk 0.00cvss epss 0.00

    The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2007-6700Feb 5, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.

  • CVE-2008-0564Feb 5, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a…

  • CVE-2008-0565Feb 5, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0566Feb 5, 2008
    risk 0.05cvss epss 0.21

    PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter.