All customers except US A&D: to ensure that you can access all of your product downloads, you must log in to the Wind River Delivers portal https://delivers.windriver.com and visit the My Products page to force an initial sync of your product entitlement. Only after you’ve completed this step will you be able to access and download product content through the Artifacts, Registry, and Git interfaces. This also applies to users attempting to run the Wind River installer in maintenance or update mode or Linux installation updates at the command line.

Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 142792 entries
IDDescriptionPriorityModified date
CVE-2008-2299 Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. Medium May 19, 2008
CVE-2008-2300 Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors. Medium May 19, 2008
CVE-2008-2301 SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php. High May 19, 2008
CVE-2008-2334 Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2) id parameter to (d) W1L3D4_konuoku.asp and (e) W1L3D4_konuya_mesaj_yaz.asp; and the (3) topic parameter to W1L3D4_konuya_mesaj_yaz.asp, different vectors than CVE-2008-1939, CVE-2007-2641, and CVE-2007-0920. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High May 19, 2008
CVE-2008-2335 Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. Medium May 19, 2008
CVE-2008-2336 SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. High May 19, 2008
CVE-2008-2337 Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163. High May 19, 2008
CVE-2008-2338 Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. High May 19, 2008
CVE-2008-2339 SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549. High May 19, 2008
CVE-2008-2340 Multiple SQL injection vulnerabilities in Unchangeds Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php. High May 19, 2008
CVE-2008-2341 PHP remote file inclusion vulnerability in ch_readalso.php in Unchangeds Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. High May 19, 2008
CVE-2008-2342 Directory traversal vulnerability in attachments.php in Unchangeds Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. Medium May 19, 2008
CVE-2008-2343 Unchangeds Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. High May 19, 2008
CVE-2008-2344 Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium May 19, 2008
CVE-2008-2345 Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to insufficient file filtering. High May 19, 2008
CVE-2008-1740 The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified stress test, aka Bug ID CSCsh20972. High May 16, 2008
CVE-2008-1741 The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533. High May 16, 2008
CVE-2008-2208 SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. High May 16, 2008
CVE-2008-2209 Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters. Medium May 16, 2008
CVE-2008-2210 Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php. Medium May 16, 2008
CVE-2008-2211 Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. Medium May 16, 2008
CVE-2008-2212 Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msg_script3 and unspecified other parameters to admin/inc/footer.php; and the (6) keywords parameter to index.php in a search action. Medium May 16, 2008
CVE-2008-2213 Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. Medium May 16, 2008
CVE-2008-1749 Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8) and Cisco Content Switching Module with SSL (CSM-S) 2.1(2) up to 2.1(7) allows remote attackers to cause a denial of service (memory consumption) via TCP segments with an unspecified combination of TCP flags. High May 15, 2008
CVE-2008-1943 Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted shared framebuffer. High May 15, 2008
CVE-2008-1944 Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates." High May 15, 2008
CVE-2008-2188 Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) bookCopyright and (2) ver parameters to (a) footer.php, and the (3) bookName, (4) bookMetaTags, and (5) estiloCSS parameters to (b) header.php. Medium May 15, 2008
CVE-2008-2196 Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the UnchangedBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178. Medium May 15, 2008
CVE-2008-2197 SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php. High May 15, 2008
CVE-2008-2198 PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. Medium May 15, 2008
CVE-2008-2199 PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. Medium May 15, 2008
CVE-2008-2200 Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Medium May 15, 2008
CVE-2008-2201 Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. Medium May 15, 2008
CVE-2008-2202 Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Medium May 15, 2008
CVE-2008-2203 SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. High May 15, 2008
CVE-2008-2204 Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. Medium May 15, 2008
CVE-2008-2205 SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. High May 15, 2008
CVE-2008-2206 Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php. Medium May 15, 2008
CVE-2008-2207 Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. Medium May 15, 2008
CVE-2008-2214 Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet. High May 15, 2008
CVE-2008-2215 Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php. Medium May 15, 2008
CVE-2008-2216 Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads. Medium May 15, 2008
CVE-2008-2217 Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter. Medium May 15, 2008
CVE-2008-2218 Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin. Medium May 15, 2008
CVE-2008-2219 Cross-site scripting (XSS) vulnerability in install.php in C-Unchangeds.fr C-Unchangeds 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter. Medium May 15, 2008
CVE-2008-2220 Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448. High May 15, 2008
CVE-2008-2221 Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors. High May 15, 2008
CVE-2008-2222 SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter. High May 15, 2008
CVE-2008-2223 SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter. High May 15, 2008
CVE-2008-2224 Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php. Medium May 15, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online