VYPR

CVEs

344,668 total · page 6404 of 6,894

  • CVE-2007-0942May 8, 2007
    risk 0.03cvss epss 0.32

    Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote…

  • CVE-2007-0944May 8, 2007
    risk 0.03cvss epss 0.35

    Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling…

  • CVE-2007-0945May 8, 2007
    risk 0.02cvss epss 0.31

    Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory…

  • CVE-2007-0946May 8, 2007
    risk 0.02cvss epss 0.31

    Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects…

  • CVE-2007-0947May 8, 2007
    risk 0.03cvss epss 0.32

    Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the…

  • CVE-2007-1202May 8, 2007
    risk 0.02cvss epss 0.29

    Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption…

  • CVE-2007-1747May 8, 2007
    risk 0.03cvss epss 0.32

    Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.

  • CVE-2007-2221May 8, 2007
    risk 0.06cvss epss 0.37

    Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote…

  • CVE-2007-2508May 8, 2007
    risk 0.09cvss epss 0.77

    Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the…

  • CVE-2007-2524May 8, 2007
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for…

  • CVE-2007-2525May 8, 2007
    risk 0.00cvss epss 0.00

    Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.

  • CVE-2007-2526May 8, 2007
    risk 0.04cvss epss 0.07

    Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.

  • CVE-2007-2527May 8, 2007
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php.

  • CVE-2007-2528May 8, 2007
    risk 0.00cvss epss 0.04

    Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508.

  • CVE-2007-0035May 8, 2007
    risk 0.03cvss epss 0.32

    Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow…

  • CVE-2007-0215May 8, 2007
    risk 0.03cvss epss 0.32

    Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

  • CVE-2007-1203May 8, 2007
    risk 0.02cvss epss 0.31

    Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.

  • CVE-2007-1214May 8, 2007
    risk 0.02cvss epss 0.28

    Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.

  • CVE-2007-2521May 8, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.

  • CVE-2007-1861May 7, 2007
    risk 0.03cvss epss 0.01

    The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.

  • CVE-2007-2239May 7, 2007
    risk 0.04cvss epss 0.12

    Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause…

  • CVE-2007-2488May 7, 2007
    risk 0.00cvss epss 0.04

    The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash),…

  • CVE-2007-2501May 4, 2007
    risk 0.00cvss epss 0.03

    Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call.

  • CVE-2007-2502May 4, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015.

  • CVE-2007-2503May 4, 2007
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party…

  • CVE-2007-2504May 4, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct…

  • CVE-2007-2505May 4, 2007
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained…

  • CVE-2007-2506May 4, 2007
    risk 0.03cvss epss 0.04

    WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by…

  • CVE-2007-2507May 4, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter.

  • CVE-2007-2491May 4, 2007
    risk 0.00cvss epss 0.00

    The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified…

  • CVE-2007-2492May 4, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action.

  • CVE-2007-2493May 4, 2007
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

  • CVE-2007-2494May 4, 2007
    risk 0.03cvss epss 0.05

    Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5)…

  • CVE-2007-2495May 4, 2007
    risk 0.03cvss epss 0.04

    Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6)…

  • CVE-2007-2496May 4, 2007
    risk 0.03cvss epss 0.04

    The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8)…

  • CVE-2007-2497May 4, 2007
    risk 0.04cvss epss 0.07

    RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.

  • CVE-2007-2498May 4, 2007
    risk 0.04cvss epss 0.10

    libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.

  • CVE-2007-2499May 4, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php.

  • CVE-2007-2500May 4, 2007
    risk 0.00cvss epss 0.05

    server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an…

  • CVE-2007-2489May 3, 2007
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative…

  • CVE-2007-2490May 3, 2007
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets.

  • CVE-2007-2480May 3, 2007
    risk 0.00cvss epss 0.00

    The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for…

  • CVE-2007-2481May 3, 2007
    risk 0.06cvss epss 0.40

    PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

  • CVE-2007-2482May 3, 2007
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter.

  • CVE-2007-2483May 3, 2007
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter.

  • CVE-2007-2484May 3, 2007
    risk 0.07cvss epss 0.45

    PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

  • CVE-2007-2485May 3, 2007
    risk 0.07cvss epss 0.55

    PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

  • CVE-2007-2486May 3, 2007
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter.

  • CVE-2007-2487May 3, 2007
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287.

  • CVE-2007-2477May 3, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value