CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12601 CVE-2008-3108 119 Overflow +Priv 2008-07-09 2019-07-31
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
12602 CVE-2008-3107 264 +Priv 2008-07-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
12603 CVE-2008-3103 264 2008-07-09 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
12604 CVE-2008-3079 Exec Code 2008-07-08 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
12605 CVE-2008-3076 78 Exec Code 2009-02-21 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
12606 CVE-2008-3075 94 Exec Code 2009-02-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
12607 CVE-2008-3074 78 Exec Code 2009-02-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
12608 CVE-2008-3066 119 Exec Code Overflow 2008-07-28 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.
12609 CVE-2008-3064 264 2008-07-28 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
12610 CVE-2008-3042 264 2008-07-07 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling."
12611 CVE-2008-3033 287 2008-07-07 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
12612 CVE-2008-3021 399 Exec Code 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.
12613 CVE-2008-3020 399 Exec Code 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."
12614 CVE-2008-3019 399 Exec Code 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."
12615 CVE-2008-3018 94 Exec Code 2008-08-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.
12616 CVE-2008-3015 189 Exec Code Overflow 2008-09-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
12617 CVE-2008-3014 119 Exec Code Overflow 2008-09-10 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
12618 CVE-2008-3013 399 Exec Code 2008-09-10 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
12619 CVE-2008-3012 119 Exec Code Overflow Mem. Corr. 2008-09-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
12620 CVE-2008-3010 200 Exec Code +Info 2008-12-10 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
12621 CVE-2008-3009 255 Exec Code 2008-12-10 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
12622 CVE-2008-3008 119 Exec Code Overflow 2008-09-10 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
12623 CVE-2008-3007 20 Exec Code 2008-09-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
12624 CVE-2008-3006 399 Exec Code 2008-08-12 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
12625 CVE-2008-3005 20 Exec Code 2008-08-12 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
12626 CVE-2008-3004 20 Exec Code 2008-08-12 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability."
12627 CVE-2008-3001 94 Exec Code 2008-07-03 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
12628 CVE-2008-2992 119 Exec Code Overflow 2008-11-04 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
12629 CVE-2008-2959 119 Exec Code Overflow 2008-07-02 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.
12630 CVE-2008-2928 119 DoS Exec Code Overflow 2008-08-29 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.
12631 CVE-2008-2910 119 Exec Code Overflow 2008-06-30 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text-Effect DXT Filter), as distributed in TextOut.dll 6.0.18.1 and mvtextout.dll, in muvee autoProducer 6.0 and 6.1 allows remote attackers to execute arbitrary code via a long FontSetting property value.
12632 CVE-2008-2908 119 Exec Code Overflow 2008-06-30 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information.
12633 CVE-2008-2899 2008-06-27 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors.
12634 CVE-2008-2898 22 Dir. Trav. File Inclusion 2008-06-27 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
12635 CVE-2008-2894 22 Dir. Trav. 2008-06-27 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
12636 CVE-2008-2888 94 Exec Code File Inclusion 2008-06-27 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/.
12637 CVE-2008-2886 94 Exec Code File Inclusion 2008-06-27 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.
12638 CVE-2008-2885 94 Exec Code File Inclusion 2008-06-27 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter.
12639 CVE-2008-2884 94 Exec Code File Inclusion 2008-06-27 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
12640 CVE-2008-2880 119 Exec Code Overflow 2008-06-26 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12641 CVE-2008-2851 119 Overflow 2008-06-25 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers."
12642 CVE-2008-2833 287 Bypass 2008-06-24 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
12643 CVE-2008-2832 94 Exec Code 2008-06-24 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
12644 CVE-2008-2828 119 DoS Exec Code Overflow 2008-06-23 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX command containing a large UBX payload length field.
12645 CVE-2008-2824 264 2008-06-23 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.
12646 CVE-2008-2822 22 Dir. Trav. 2008-06-23 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a (1) LIST or (2) MLSD command.
12647 CVE-2008-2821 22 Dir. Trav. 2008-06-23 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
12648 CVE-2008-2811 399 DoS Exec Code Overflow 2008-07-07 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
12649 CVE-2008-2799 399 DoS Exec Code 2008-07-07 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
12650 CVE-2008-2798 399 DoS Exec Code 2008-07-07 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.