Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 113970 entries
IDDescriptionPriorityModified date
CVE-2007-6123 Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors. High Nov 27, 2007
CVE-2007-6122 The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some of these details are obtained from third party information. Medium Nov 27, 2007
CVE-2007-6121 Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. High Feb 27, 2008
CVE-2007-6120 The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. Medium Feb 28, 2008
CVE-2007-6119 The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. High Feb 27, 2008
CVE-2007-6118 The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. High Feb 28, 2008
CVE-2007-6117 Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote attack vectors related to chunked messages. High Feb 28, 2008
CVE-2007-6116 The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. High Feb 27, 2008
CVE-2007-6115 Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. High Feb 28, 2008
CVE-2007-6114 Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. High Feb 28, 2008
CVE-2007-6113 Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet. High Feb 27, 2008
CVE-2007-6112 Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. High Feb 28, 2008
CVE-2007-6111 Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. High Feb 28, 2008
CVE-2007-6110 Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. Medium Feb 29, 2008
CVE-2007-6109 Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain emacs -batch -eval command line. High Sep 5, 2008
CVE-2007-6106 SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. High Feb 29, 2008
CVE-2007-6105 Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php. Medium Feb 29, 2008
CVE-2007-6104 Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium Mar 4, 2008
CVE-2007-6103 I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp. Medium Nov 27, 2007
CVE-2007-6102 Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed. Medium Nov 26, 2007
CVE-2007-6101 Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages. Medium Dec 10, 2007
CVE-2007-6100 Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. Low Nov 26, 2007
CVE-2007-6099 Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities. High Nov 23, 2007
CVE-2007-6098 Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection. High Jan 15, 2008
CVE-2007-6097 Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted." High Nov 23, 2007
CVE-2007-6096 Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. Medium Nov 23, 2007
CVE-2007-6095 The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. Medium Nov 23, 2007
CVE-2007-6094 The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). Medium Nov 23, 2007
CVE-2007-6093 The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected." High Nov 23, 2007
CVE-2007-6092 Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. High Nov 23, 2007
CVE-2007-6091 Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field. High Nov 23, 2007
CVE-2007-6090 Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Nov 23, 2007
CVE-2007-6089 PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. High Nov 23, 2007
CVE-2007-6088 PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. High Nov 23, 2007
CVE-2007-6087 Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module. Medium Nov 23, 2007
CVE-2007-6086 Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. High Nov 23, 2007
CVE-2007-6085 Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module. Medium Nov 23, 2007
CVE-2007-6084 SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Nov 23, 2007
CVE-2007-6083 SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. High Nov 23, 2007
CVE-2007-6082 Direct static code injection vulnerability in acp/saveUnchangeds.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/Unchangeds.php. High Nov 23, 2007
CVE-2007-6081 AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. High Nov 23, 2007
CVE-2007-6080 SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. High Mar 4, 2008
CVE-2007-6079 Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/Unchangeds/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file. High Mar 4, 2008
CVE-2007-6078 Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action. High Mar 4, 2008
CVE-2007-6077 The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes :cookie_only to only be applied to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. Medium Dec 13, 2007
CVE-2007-6067 Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted complex regular expression with doubly-nested states. Medium Sep 5, 2008
CVE-2007-6063 Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function. Medium Nov 21, 2007
CVE-2007-6062 irc-channel.c in ngIRCd 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. Medium Dec 13, 2007
CVE-2007-6061 Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. Medium Nov 21, 2007
CVE-2007-6060 AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. High Nov 21, 2007
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.
Live chat
Online