Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 139359 entries
IDDescriptionPriorityModified date
CVE-2008-0636 Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information. Medium Feb 14, 2008
CVE-2008-0635 Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. High Feb 7, 2008
CVE-2008-0634 Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551. High Feb 7, 2008
CVE-2008-0633 Buffer overflow in Anon Proxy Server 0.102 and earlier, when user authentication is enabled, allows remote attackers to cause a denial of service (exception) via a user name with a large number of quotes, which triggers the overflow during escaping. Medium Feb 7, 2008
CVE-2008-0632 Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory. High Feb 7, 2008
CVE-2008-0631 Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method. Medium Feb 7, 2008
CVE-2008-0630 Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code. Medium Feb 7, 2008
CVE-2008-0629 Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. Medium Feb 7, 2008
CVE-2008-0628 The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. High Feb 7, 2008
CVE-2008-0627 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6304. Reason: This candidate is a duplicate of CVE-2007-6304. Notes: All CVE users should reference CVE-2007-6304 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Low Feb 7, 2008
CVE-2008-0626 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6303. Reason: This candidate is a duplicate of CVE-2007-6303. Notes: All CVE users should reference CVE-2007-6303 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Low Feb 7, 2008
CVE-2008-0625 Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method. Medium Feb 7, 2008
CVE-2008-0624 Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623. Medium Feb 12, 2008
CVE-2008-0623 Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method. Medium Feb 7, 2008
CVE-2008-0622 Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the ulang parameter. Medium Feb 6, 2008
CVE-2008-0621 Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. High Feb 6, 2008
CVE-2008-0620 SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. High Feb 6, 2008
CVE-2008-0619 Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file. High Feb 6, 2008
CVE-2008-0618 Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Feb 6, 2008
CVE-2008-0617 Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea. Medium Feb 6, 2008
CVE-2008-0616 SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. Medium Feb 6, 2008
CVE-2008-0615 Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters. Medium Feb 6, 2008
CVE-2008-0614 SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action. High Feb 6, 2008
CVE-2008-0613 Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. Medium Feb 6, 2008
CVE-2008-0612 Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. High Feb 6, 2008
CVE-2008-0611 SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. High Feb 6, 2008
CVE-2008-0610 Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value. High Feb 6, 2008
CVE-2008-0609 Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. High Feb 6, 2008
CVE-2008-0608 The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823. Medium Feb 6, 2008
CVE-2008-0607 SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Feb 6, 2008
CVE-2008-0606 SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter. High Feb 6, 2008
CVE-2008-0605 Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message. Medium Feb 26, 2008
CVE-2008-0604 The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. Medium Feb 6, 2008
CVE-2008-0603 SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task. High Feb 6, 2008
CVE-2008-0602 Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter. Medium Feb 6, 2008
CVE-2008-0601 SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. High Feb 6, 2008
CVE-2008-0600 The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. High Feb 13, 2008
CVE-2008-0599 cgi_main.c in PHP before 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors. High May 9, 2008
CVE-2008-0598 Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary. Medium Jul 1, 2008
CVE-2008-0597 Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. Medium Feb 26, 2008
CVE-2008-0596 Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. Medium Feb 26, 2008
CVE-2008-0595 dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. High Feb 29, 2008
CVE-2008-0594 Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. Medium Feb 11, 2008
CVE-2008-0593 Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. Medium Feb 14, 2008
CVE-2008-0592 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. Medium Feb 11, 2008
CVE-2008-0591 Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2". Medium Feb 28, 2008
CVE-2008-0590 Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command. High Feb 5, 2008
CVE-2008-0589 The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors. Medium Feb 5, 2008
CVE-2008-0588 Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. High Feb 5, 2008
CVE-2008-0587 Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. High Feb 5, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online