Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

110596 entries
ID Description Priority Modified date
CVE-2008-0731 The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. High Feb 13, 2008
CVE-2008-0730 The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users. Medium Feb 13, 2008
CVE-2008-0729 Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information. High Feb 13, 2008
CVE-2008-0728 The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." High Feb 26, 2008
CVE-2008-0727 Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. High Mar 18, 2008
CVE-2008-0726 Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. Medium Feb 12, 2008
CVE-2008-0725 Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702. High Feb 12, 2008
CVE-2008-0724 The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts. Medium Feb 12, 2008
CVE-2008-0723 Cross-site scripting (XSS) vulnerability in myNews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1. Medium Feb 12, 2008
CVE-2008-0722 Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Feb 12, 2008
CVE-2008-0721 SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter. High Feb 12, 2008
CVE-2008-0720 Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information. Medium Feb 12, 2008
CVE-2008-0719 SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. High Feb 12, 2008
CVE-2008-0718 Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors. Medium Feb 25, 2008
CVE-2008-0717 Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response. Medium Feb 12, 2008
CVE-2008-0716 The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack. Medium Feb 12, 2008
CVE-2008-0715 Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user-assisted remote attackers to execute arbitrary code via a malformed XBM file. NOTE: this might be the same as CVE-2007-6009. High Feb 22, 2008
CVE-2008-0714 SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action. Medium Feb 22, 2008
CVE-2008-0713 Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors. Medium May 13, 2008
CVE-2008-0712 Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513. Medium Apr 28, 2008
CVE-2008-0711 Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors. High Apr 8, 2008
CVE-2008-0709 Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. Medium Apr 8, 2008
CVE-2008-0708 HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection. Medium Apr 7, 2008
CVE-2008-0707 HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors. High Mar 20, 2008
CVE-2008-0706 Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. HIGH --
CVE-2008-0704 Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors. High Mar 31, 2008
CVE-2008-0703 Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php. Medium Feb 12, 2008
CVE-2008-0702 Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641. High Feb 22, 2008
CVE-2008-0701 ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. Medium Feb 22, 2008
CVE-2008-0700 Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Feb 12, 2008
CVE-2008-0699 Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before 8.2 Fixpak 16 has unknown impact and attack vectors. High Feb 12, 2008
CVE-2008-0698 Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." High Feb 12, 2008
CVE-2008-0697 Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. High Feb 12, 2008
CVE-2008-0696 IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. High Feb 12, 2008
CVE-2008-0695 SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action. High Feb 12, 2008
CVE-2008-0694 Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. Medium Feb 12, 2008
CVE-2008-0693 Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication 7.0.127.16 allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101. High Feb 12, 2008
CVE-2008-0692 SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. High Feb 12, 2008
CVE-2008-0691 Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters. Medium Feb 12, 2008
CVE-2008-0690 SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action. High Feb 12, 2008
CVE-2008-0689 SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action. High Feb 12, 2008
CVE-2008-0688 Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action. Medium Feb 12, 2008
CVE-2008-0687 Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter. High Feb 12, 2008
CVE-2008-0686 SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. High Feb 12, 2008
CVE-2008-0685 SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. High Feb 12, 2008
CVE-2008-0684 Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter. Medium Feb 12, 2008
CVE-2008-0683 SQL injection vulnerability in shiftthis-preview.php in the st_newsletter plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter. High Feb 12, 2008
CVE-2008-0682 SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter. High Feb 26, 2008
CVE-2008-0681 SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. Medium Feb 12, 2008
CVE-2008-0680 SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. High Feb 12, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.