VYPR

CVEs

344,693 total · page 6376 of 6,894

  • CVE-2007-3960Jul 24, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213).

  • CVE-2007-2925Jul 24, 2007
    risk 0.00cvss epss 0.06

    The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

  • CVE-2007-2926Jul 24, 2007
    risk 0.04cvss epss 0.13

    ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache…

  • CVE-2007-3951Jul 24, 2007
    risk 0.01cvss epss 0.09

    Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around."

  • CVE-2007-3952Jul 24, 2007
    risk 0.00cvss epss 0.05

    The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around".

  • CVE-2007-3953Jul 24, 2007
    risk 0.00cvss epss 0.04

    The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error.

  • CVE-2007-3954Jul 24, 2007
    risk 0.01cvss epss 0.07

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto…

  • CVE-2007-3946Jul 24, 2007
    risk 0.00cvss epss 0.03

    mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the…

  • CVE-2007-3947Jul 24, 2007
    risk 0.04cvss epss 0.08

    request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.

  • CVE-2007-3948Jul 24, 2007
    risk 0.00cvss epss 0.03

    connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.

  • CVE-2007-3949Jul 24, 2007
    risk 0.00cvss epss 0.03

    mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

  • CVE-2007-3950Jul 24, 2007
    risk 0.00cvss epss 0.03

    lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav…

  • CVE-2007-3945Jul 23, 2007
    risk 0.00cvss epss 0.02

    Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password…

  • CVE-2007-2950Jul 23, 2007
    risk 0.00cvss epss 0.00

    Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.

  • CVE-2007-3944Jul 23, 2007
    risk 0.01cvss epss 0.07

    Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular…

  • CVE-2007-3922Jul 21, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound…

  • CVE-2007-3923Jul 21, 2007
    risk 0.00cvss epss 0.02

    The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of…

  • CVE-2007-3924Jul 21, 2007
    risk 0.01cvss epss 0.14

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome…

  • CVE-2007-3925Jul 21, 2007
    risk 0.10cvss epss 0.85

    Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.

  • CVE-2007-3926Jul 21, 2007
    risk 0.00cvss epss 0.03

    Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."

  • CVE-2007-3927Jul 21, 2007
    risk 0.05cvss epss 0.22

    Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."

  • CVE-2007-3928Jul 21, 2007
    risk 0.00cvss epss 0.06

    Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.

  • CVE-2007-3929Jul 21, 2007
    risk 0.01cvss epss 0.06

    Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.

  • CVE-2007-3930Jul 21, 2007
    risk 0.02cvss epss 0.19

    Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in…

  • CVE-2007-3931Jul 21, 2007
    risk 0.00cvss epss 0.00

    The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges.

  • CVE-2007-3932Jul 21, 2007
    risk 0.04cvss epss 0.06

    uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.

  • CVE-2007-3933Jul 21, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053.

  • CVE-2007-3934Jul 21, 2007
    risk 0.04cvss epss 0.08

    PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter.

  • CVE-2007-3935Jul 21, 2007
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2007-3936Jul 21, 2007
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter.

  • CVE-2007-3937Jul 21, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2007-3938Jul 21, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676.

  • CVE-2007-3939Jul 21, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

  • CVE-2007-3940Jul 21, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information.

  • CVE-2007-3941Jul 21, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2007-3942Jul 21, 2007
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability…

  • CVE-2007-3943Jul 21, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.

  • CVE-2007-3380Jul 20, 2007
    risk 0.00cvss epss 0.03

    The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.

  • CVE-2007-3905Jul 19, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php.

  • CVE-2007-3906Jul 19, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role.

  • CVE-2007-3907Jul 19, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter…

  • CVE-2007-3908Jul 19, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Enterprise Linux (RHEL) 2.1 SG A.11.14.04 through A.11.14.06; RHEL 3.0 SG A.11.16.04 through A.11.16.10; and ServiceGuard Cluster Object Manager B.03.01.02 allows local users to gain privileges via unspecified…

  • CVE-2007-3909Jul 19, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors.

  • CVE-2007-3910Jul 19, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs.

  • CVE-2006-4183Jul 18, 2007
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data…

  • CVE-2007-3268HigJul 18, 2007
    risk 0.49cvss 7.5epss 0.02

    The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a…

  • CVE-2007-3825Jul 18, 2007
    risk 0.01cvss epss 0.14

    Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor…

  • CVE-2007-3881Jul 18, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.

  • CVE-2007-3882Jul 18, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-3883Jul 18, 2007
    risk 0.04cvss epss 0.08

    The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.