Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 150584 entries
IDDescriptionPriorityModified date
CVE-2009-0330 Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. Medium Jan 29, 2009
CVE-2009-0333 SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. High Jan 29, 2009
CVE-2009-0335 Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter. Medium Jan 29, 2009
CVE-2009-0336 Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information. Medium Jan 29, 2009
CVE-2009-0337 SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Jan 29, 2009
CVE-2009-0338 Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action. Medium Jan 29, 2009
CVE-2009-0340 Multiple directory traversal vulnerabilities in Simple PHP Unchangedsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php. Medium Jan 29, 2009
CVE-2007-2795 Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon. High Jan 28, 2009
CVE-2007-6716 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. Medium Jan 28, 2009
CVE-2008-0304 Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. High Jan 28, 2009
CVE-2008-5982 Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message. High Jan 28, 2009
CVE-2008-5984 Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Medium Jan 28, 2009
CVE-2008-5985 Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Medium Jan 28, 2009
CVE-2008-5986 Untrusted search path vulnerability in the (1) VST plugin with Python scripting and (2) VST plugin for writing score generators in Python in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Medium Jan 28, 2009
CVE-2008-5987 Untrusted search path vulnerability in the Python interface in eog 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Medium Jan 28, 2009
CVE-2008-5988 SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter. High Jan 28, 2009
CVE-2008-5989 Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. Medium Jan 28, 2009
CVE-2008-5992 Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php. High Jan 28, 2009
CVE-2008-5993 Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter. High Jan 28, 2009
CVE-2008-5994 Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Jan 28, 2009
CVE-2008-5995 Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium Jan 28, 2009
CVE-2008-5997 Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter. High Jan 28, 2009
CVE-2008-5998 Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with update ajax checklists permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. Medium Jan 28, 2009
CVE-2008-5999 Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter. Low Jan 28, 2009
CVE-2009-0032 CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. Medium Jan 28, 2009
CVE-2009-0171 The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact. High Jan 28, 2009
CVE-2009-0291 Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. High Jan 28, 2009
CVE-2009-0292 SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter. High Jan 28, 2009
CVE-2009-0295 SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. Medium Jan 28, 2009
CVE-2009-0296 SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. High Jan 28, 2009
CVE-2009-0299 SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. High Jan 28, 2009
CVE-2009-0301 Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods. Medium Jan 28, 2009
CVE-2009-0302 SQL injection vulnerability in the Downloads 8.0 module for PHP-Nuke, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. Medium Jan 28, 2009
CVE-2009-0303 Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to encoded JavaScript and Helpdesk.woa. Medium Jan 28, 2009
CVE-2009-0311 The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. High Jan 28, 2009
CVE-2009-0312 Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content. Medium Jan 28, 2009
CVE-2009-0313 winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file. Medium Jan 28, 2009
CVE-2009-0314 Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Medium Jan 28, 2009
CVE-2009-0315 Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Medium Jan 28, 2009
CVE-2009-0316 Untrusted search path vulnerability in the Python module in vim allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Medium Jan 28, 2009
CVE-2009-0317 Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Medium Jan 28, 2009
CVE-2008-5969 SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter. High Jan 27, 2009
CVE-2008-5970 SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter. Medium Jan 27, 2009
CVE-2008-5971 Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter. Medium Jan 27, 2009
CVE-2008-5972 SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. High Jan 27, 2009
CVE-2008-5973 SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. High Jan 27, 2009
CVE-2008-5974 Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields. High Jan 27, 2009
CVE-2008-5975 SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Jan 27, 2009
CVE-2008-5976 Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field. Medium Jan 27, 2009
CVE-2008-5977 SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action. High Jan 27, 2009
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online