VYPR

CVEs

344,694 total · page 6364 of 6,894

  • CVE-2007-4565Aug 28, 2007
    risk 0.00cvss epss 0.02

    sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.

  • CVE-2007-4566Aug 28, 2007
    risk 0.04cvss epss 0.15

    Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.

  • CVE-2007-4549Aug 28, 2007
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than…

  • CVE-2007-4550Aug 28, 2007
    risk 0.00cvss epss 0.04

    Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.

  • CVE-2007-4551Aug 28, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.

  • CVE-2007-4552Aug 28, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not.

  • CVE-2007-4553Aug 28, 2007
    risk 0.04cvss epss 0.08

    The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.

  • CVE-2007-4554Aug 28, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.

  • CVE-2007-4555Aug 28, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can…

  • CVE-2007-4544Aug 27, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).

  • CVE-2007-4545Aug 27, 2007
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive.

  • CVE-2007-4546Aug 27, 2007
    risk 0.00cvss epss 0.02

    Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a…

  • CVE-2007-4547Aug 27, 2007
    risk 0.00cvss epss 0.01

    Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the…

  • CVE-2007-4548Aug 27, 2007
    risk 0.00cvss epss 0.04

    The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username…

  • CVE-2007-4537Aug 27, 2007
    risk 0.03cvss epss 0.05

    Heap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet.

  • CVE-2007-4538Aug 27, 2007
    risk 0.00cvss epss 0.02

    email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.

  • CVE-2007-4539Aug 27, 2007
    risk 0.00cvss epss 0.02

    The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2)…

  • CVE-2007-4540Aug 27, 2007
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.

  • CVE-2007-4541Aug 27, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.

  • CVE-2007-4542Aug 27, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the…

  • CVE-2007-4543Aug 27, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."

  • CVE-2007-2797Aug 27, 2007
    risk 0.00cvss epss 0.00

    xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

  • CVE-2007-2958Aug 27, 2007
    risk 0.00cvss epss 0.03

    Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.

  • CVE-2007-3741Aug 27, 2007
    risk 0.00cvss epss 0.03

    The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.

  • CVE-2007-4131Aug 25, 2007
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

  • CVE-2007-4522Aug 25, 2007
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and…

  • CVE-2007-4523Aug 25, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b)…

  • CVE-2007-4524Aug 25, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.

  • CVE-2007-4525Aug 25, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers,…

  • CVE-2007-4526Aug 25, 2007
    risk 0.00cvss epss 0.00

    The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.

  • CVE-2007-4527Aug 25, 2007
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2007-4528Aug 25, 2007
    risk 0.03cvss epss 0.05

    The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. …

  • CVE-2007-4529Aug 25, 2007
    risk 0.00cvss epss 0.02

    The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1)…

  • CVE-2007-4530Aug 25, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html.

  • CVE-2007-4531Aug 25, 2007
    risk 0.03cvss epss 0.03

    Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and…

  • CVE-2007-4532Aug 25, 2007
    risk 0.00cvss epss 0.02

    Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a denial of service (client lockout) via a series of UDP join packets from a spoofed IP address, which triggers temporary blacklisting of this IP address.

  • CVE-2007-4533Aug 25, 2007
    risk 0.04cvss epss 0.08

    Format string vulnerability in the Say command in sv_main.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a chat message, related to a call to the BroadcastPrintf function.

  • CVE-2007-4534Aug 25, 2007
    risk 0.04cvss epss 0.11

    Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and possibly (2) a long name field.

  • CVE-2007-4535Aug 25, 2007
    risk 0.03cvss epss 0.05

    The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.

  • CVE-2007-4536Aug 25, 2007
    risk 0.00cvss epss 0.00

    TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local…

  • CVE-2007-3847Aug 23, 2007
    risk 0.01cvss epss 0.13

    The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

  • CVE-2007-4498Aug 23, 2007
    risk 0.04cvss epss 0.14

    The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE…

  • CVE-2007-4499Aug 23, 2007
    risk 0.00cvss epss 0.02

    Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from…

  • CVE-2007-4500Aug 23, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors.

  • CVE-2007-4501Aug 23, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in PassphraseRequester in SSHKeychain before 0.8.2 beta allows attackers to obtain sensitive information (passwords) via unknown vectors, related to "poor protection."

  • CVE-2007-4502Aug 23, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.

  • CVE-2007-4503Aug 23, 2007
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.

  • CVE-2007-4504Aug 23, 2007
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.

  • CVE-2007-4505Aug 23, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

  • CVE-2007-4506Aug 23, 2007
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.