VYPR

CVEs

344,694 total · page 6369 of 6,894

  • CVE-2007-4305Aug 13, 2007
    risk 0.03cvss epss 0.01

    Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

  • CVE-2007-4306Aug 13, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b)…

  • CVE-2007-4307Aug 13, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 and earlier allow remote attackers to inject arbitrary web script or HTML via the next parameter to (1) addaddress.php, (2) editshipdetails.php, (3) register.php, or (4) login.php in secure/.

  • CVE-2007-4308Aug 13, 2007
    risk 0.00cvss epss 0.00

    The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.

  • CVE-2007-4309Aug 13, 2007
    risk 0.00cvss epss 0.01

    IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.

  • CVE-2007-4310Aug 13, 2007
    risk 0.00cvss epss 0.01

    The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503.

  • CVE-2007-4311Aug 13, 2007
    risk 0.00cvss epss 0.02

    The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect…

  • CVE-2007-4312Aug 13, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action.

  • CVE-2007-4313Aug 13, 2007
    risk 0.08cvss epss 0.69

    PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and…

  • CVE-2007-4314Aug 13, 2007
    risk 0.03cvss epss 0.02

    pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service.

  • CVE-2007-4315Aug 13, 2007
    risk 0.00cvss epss 0.00

    The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill".

  • CVE-2007-4316Aug 13, 2007
    risk 0.00cvss epss 0.01

    The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.

  • CVE-2007-4317Aug 13, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1)…

  • CVE-2007-4318Aug 13, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.

  • CVE-2007-4319Aug 13, 2007
    risk 0.00cvss epss 0.01

    The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might…

  • CVE-2007-3851Aug 13, 2007
    risk 0.00cvss epss 0.00

    The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.

  • CVE-2007-4301Aug 13, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-2956Aug 13, 2007
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the readRadianceHeader function in (1) src/fileformat/rgbeio.cpp in pfstools 1.6.2 and (2) src/Fileformat/rgbeio.cpp in Qtpfsgui 1.8.11 allows remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.

  • CVE-2007-4296Aug 10, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (ASSP) 1.3.3 has unknown impact and attack vectors.

  • CVE-2007-4297Aug 10, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party…

  • CVE-2007-2955Aug 9, 2007
    risk 0.00cvss epss 0.04

    Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList…

  • CVE-2007-3843Aug 9, 2007
    risk 0.00cvss epss 0.03

    The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a…

  • CVE-2007-4279Aug 9, 2007
    risk 0.09cvss epss 0.75

    PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.

  • CVE-2007-4280Aug 9, 2007
    risk 0.00cvss epss 0.01

    The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a…

  • CVE-2007-4281Aug 9, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.

  • CVE-2007-4282Aug 9, 2007
    risk 0.00cvss epss 0.02

    The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain…

  • CVE-2007-4283Aug 9, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.

  • CVE-2007-4284Aug 9, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are…

  • CVE-2007-4285Aug 9, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted…

  • CVE-2007-4286Aug 9, 2007
    risk 0.05cvss epss 0.19

    Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.

  • CVE-2007-4287Aug 9, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.

  • CVE-2007-4288Aug 9, 2007
    risk 0.04cvss epss 0.15

    Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au.

  • CVE-2007-4289Aug 9, 2007
    risk 0.00cvss epss 0.02

    Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.

  • CVE-2007-4290CriAug 9, 2007
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php,…

  • CVE-2007-4291Aug 9, 2007
    risk 0.00cvss epss 0.03

    Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3)…

  • CVE-2007-4292Aug 9, 2007
    risk 0.00cvss epss 0.03

    Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.

  • CVE-2007-4293Aug 9, 2007
    risk 0.00cvss epss 0.02

    Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.

  • CVE-2007-4294Aug 9, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.

  • CVE-2007-4295Aug 9, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.

  • CVE-2007-3872Aug 9, 2007
    risk 0.05cvss epss 0.30

    Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.

  • CVE-2007-4264Aug 9, 2007
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters.

  • CVE-2007-4265Aug 9, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId…

  • CVE-2007-4244Aug 8, 2007
    risk 0.04cvss epss 0.08

    PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.

  • CVE-2007-4245Aug 8, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter to results.php in CDM 4.2.

  • CVE-2007-4246Aug 8, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability…

  • CVE-2007-4247Aug 8, 2007
    risk 0.01cvss epss 0.15

    Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.

  • CVE-2007-4248Aug 8, 2007
    risk 0.00cvss epss 0.01

    The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.

  • CVE-2007-4249Aug 8, 2007
    risk 0.00cvss epss 0.01

    The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.

  • CVE-2007-4250Aug 8, 2007
    risk 0.00cvss epss 0.01

    The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.33 allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.

  • CVE-2007-4251Aug 8, 2007
    risk 0.00cvss epss 0.01

    OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.