VYPR

CVEs

  • CVE-2007-0429 · Jan 23, 2007
    risk 0.03 · cvss · epss 0.03

    DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.

  • CVE-2007-0430 · Jan 23, 2007
    risk 0.03 · cvss · epss 0.01

    The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.

  • CVE-2007-0431 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).

  • CVE-2007-0432 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.

  • CVE-2007-0433 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.

  • CVE-2007-0434 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.00

    BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.

  • CVE-2007-0435 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.

  • CVE-2007-0021 · Jan 23, 2007
    risk 0.05 · cvss · epss 0.23

    Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.

  • CVE-2007-0022 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

  • CVE-2007-0404 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.

  • CVE-2007-0405 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

  • CVE-2007-0406 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME…

  • CVE-2007-0407 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is…

  • CVE-2007-0408 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    BEA WebLogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.

  • CVE-2007-0409 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.00

    BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.

  • CVE-2007-0410 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events."

  • CVE-2007-0411 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.

  • CVE-2007-0412 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.

  • CVE-2007-0413 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.00

    BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.

  • CVE-2007-0414 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.

  • CVE-2007-0415 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.

  • CVE-2007-0416 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.

  • CVE-2007-0417 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.

  • CVE-2007-0418 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.

  • CVE-2007-0419 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).

  • CVE-2007-0420 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.

  • CVE-2007-0421 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.

  • CVE-2007-0422 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.

  • CVE-2007-0423 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.00

    BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.

  • CVE-2007-0424 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allows remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked…

  • CVE-2007-0425 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.

  • CVE-2007-0426 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.03

    BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might…

  • CVE-2007-0427 · Jan 23, 2007
    risk 0.05 · cvss · epss 0.31

    Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.

  • CVE-2007-0398 · Jan 22, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.

  • CVE-2007-0399 · Jan 22, 2007
    risk 0.03 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

  • CVE-2007-0400 · Jan 22, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

  • CVE-2007-0401 · Jan 22, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.

  • CVE-2007-0402 · Jan 22, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.

  • CVE-2007-0403 · Jan 22, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

  • CVE-2007-0397 · Jan 20, 2007
    risk 0.00 · cvss · epss 0.03

    The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those…

  • CVE-2006-6945 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php.

  • CVE-2007-0368 · Jan 19, 2007
    risk 0.03 · cvss · epss 0.05

    Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.

  • CVE-2007-0369 · Jan 19, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.

  • CVE-2007-0370 · Jan 19, 2007
    risk 0.03 · cvss · epss 0.01

    Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a…

  • CVE-2007-0371 · Jan 19, 2007
    risk 0.03 · cvss · epss 0.02

    A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value.

  • CVE-2007-0372 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.04

    Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in…

  • CVE-2007-0373 · Jan 19, 2007
    risk 0.01 · cvss · epss 0.12

    Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter…

  • CVE-2007-0374 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

  • CVE-2007-0375 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.02

    Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts,…

  • CVE-2007-0376 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.