Page 4 of 28 results (0.007 seconds)

CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0

Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression. Kaspersky AntiVirus Engine 6.0.1.411 para Windows y 5.5-10 para Linux permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) mediante un archivo comprimido con UPX manipulado con un desplazamiento (offset) negativo, lo cual dispara un bucle infinito durante la extracción. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485 http://secunia.com/advisories/24391 http://www.securityfocus.com/bid/22795 http://www.securitytracker.com/id?1017718 http://www.vupen.com/english/advisories/2007/0810 https://exchange.xforce.ibmcloud.com/vulnerabilities/32797 •

CVSS: 10.0EPSS: 10%CPEs: 94EXPL: 0

Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. Múltiples vulnerabilidades no especificadas en JP1/Cm2/Network Node Manager (NNM) anterior a 07-10-05, y anterior a 08-00-02 en la serie 08-x, permiten a atacantes remotos ejecutar código de su elección, provocar una denegación de servicio, o disparar un comportamiento inválido de la herramienta Web. • http://osvdb.org/33528 http://osvdb.org/33529 http://secunia.com/advisories/24276 http://www.hitachi-support.com/security_e/vuls_e/HS07-002_e/index-e.html http://www.vupen.com/english/advisories/2007/0739 https://exchange.xforce.ibmcloud.com/vulnerabilities/32682 https://exchange.xforce.ibmcloud.com/vulnerabilities/32683 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 2

Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. • https://www.exploit-db.com/exploits/22542 https://www.exploit-db.com/exploits/22541 http://securityreason.com/securityalert/3286 http://www.securityfocus.com/archive/1/319735 http://www.securityfocus.com/bid/7438 http://www.securityfocus.com/bid/7439 https://exchange.xforce.ibmcloud.com/vulnerabilities/11874 https://exchange.xforce.ibmcloud.com/vulnerabilities/11875 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 1

Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. • https://www.exploit-db.com/exploits/22545 http://perl.bobbitt.ca/yabbse/index.php?board=2%3Baction=display%3Bthreadid=720 http://securityreason.com/securityalert/3270 http://www.securityfocus.com/archive/1/319763 http://www.securityfocus.com/bid/7444 https://exchange.xforce.ibmcloud.com/vulnerabilities/11878 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. • http://securityreason.com/securityalert/3276 http://www.securityfocus.com/archive/1/319747 http://www.securityfocus.com/bid/7440 https://exchange.xforce.ibmcloud.com/vulnerabilities/11871 •