VYPR

CVEs

344,797 total · page 6344 of 6,896

  • CVE-2007-4217Nov 5, 2007
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.

  • CVE-2007-4513Nov 5, 2007
    risk 0.00cvss epss 0.01

    Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.

  • CVE-2007-4621Nov 5, 2007
    risk 0.00cvss epss 0.00

    Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.

  • CVE-2007-4622Nov 5, 2007
    risk 0.00cvss epss 0.00

    Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.

  • CVE-2007-4623Nov 5, 2007
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.

  • CVE-2007-5796Nov 3, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.

  • CVE-2007-5797Nov 3, 2007
    risk 0.00cvss epss 0.03

    SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

  • CVE-2007-5798Nov 3, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2)…

  • CVE-2007-5799Nov 3, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2)…

  • CVE-2007-5800Nov 3, 2007
    risk 0.06cvss epss 0.37

    Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3)…

  • CVE-2007-5801Nov 3, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."

  • CVE-2007-5802Nov 3, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a…

  • CVE-2007-5767Nov 2, 2007
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character…

  • CVE-2007-5795Nov 2, 2007
    risk 0.03cvss epss 0.01

    The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a…

  • CVE-2007-4829Nov 2, 2007
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

  • CVE-2007-5197Nov 2, 2007
    risk 0.00cvss epss 0.04

    Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.

  • CVE-2007-5660Nov 2, 2007
    risk 0.06cvss epss 0.37

    Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.

  • CVE-2007-5793Nov 1, 2007
    risk 0.00cvss epss 0.02

    Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.

  • CVE-2007-5771Nov 1, 2007
    risk 0.03cvss epss 0.06

    Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.

  • CVE-2007-5772Nov 1, 2007
    risk 0.03cvss epss 0.04

    Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE:…

  • CVE-2007-5773Nov 1, 2007
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.

  • CVE-2007-5774Nov 1, 2007
    risk 0.03cvss epss 0.03

    index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message.

  • CVE-2007-5775CriNov 1, 2007
    risk 0.69cvss 9.8epss 0.27

    Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher,…

  • CVE-2007-5776Nov 1, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence.

  • CVE-2007-5777Nov 1, 2007
    risk 0.00cvss epss 0.01

    Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb.

  • CVE-2007-5778HigNov 1, 2007
    risk 0.49cvss 7.5epss 0.01

    Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.

  • CVE-2007-5779Nov 1, 2007
    risk 0.09cvss epss 0.72

    Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.

  • CVE-2007-5780Nov 1, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.

  • CVE-2007-5781Nov 1, 2007
    risk 0.06cvss epss 0.39

    PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.

  • CVE-2007-5782Nov 1, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

  • CVE-2007-5783Nov 1, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.

  • CVE-2007-5784Nov 1, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

  • CVE-2007-5785Nov 1, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-5786Nov 1, 2007
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5)…

  • CVE-2007-5787Nov 1, 2007
    risk 0.00cvss epss 0.01

    Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.

  • CVE-2007-5788Nov 1, 2007
    risk 0.00cvss epss 0.02

    Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message.

  • CVE-2007-5789Nov 1, 2007
    risk 0.00cvss epss 0.02

    The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.

  • CVE-2007-5790Nov 1, 2007
    risk 0.00cvss epss 0.00

    The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.

  • CVE-2007-5791Nov 1, 2007
    risk 0.00cvss epss 0.04

    The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone…

  • CVE-2007-5792Nov 1, 2007
    risk 0.00cvss epss 0.01

    The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.

  • CVE-2007-2957Oct 31, 2007
    risk 0.00cvss epss 0.06

    Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.

  • CVE-2007-4351Oct 31, 2007
    risk 0.01cvss epss 0.07

    Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.

  • CVE-2007-5768Oct 31, 2007
    risk 0.00cvss epss 0.01

    The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic.

  • CVE-2007-2263Oct 31, 2007
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.

  • CVE-2007-2264Oct 31, 2007
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.

  • CVE-2007-4345Oct 31, 2007
    risk 0.00cvss epss 0.03

    Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message.

  • CVE-2007-4599Oct 31, 2007
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.

  • CVE-2007-5080Oct 31, 2007
    risk 0.01cvss epss 0.08

    Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.

  • CVE-2007-5081Oct 31, 2007
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.

  • CVE-2007-5751Oct 31, 2007
    risk 0.00cvss epss 0.00

    Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.