All customers except US A&D: to ensure that you can access all of your product downloads, you must log in to the Wind River Delivers portal https://delivers.windriver.com and visit the My Products page to force an initial sync of your product entitlement. Only after you’ve completed this step will you be able to access and download product content through the Artifacts, Registry, and Git interfaces. This also applies to users attempting to run the Wind River installer in maintenance or update mode or Linux installation updates at the command line.

Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 142792 entries
IDDescriptionPriorityModified date
CVE-2008-3776 Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Medium Aug 26, 2008
CVE-2008-3775 Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl_pack registry value. Low Aug 25, 2008
CVE-2008-3774 SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Aug 25, 2008
CVE-2008-3773 Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when Show Unchanged Private Message Notification Pop-Up is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka Unchangedpm[title]). Medium Aug 25, 2008
CVE-2008-3772 SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. High Aug 25, 2008
CVE-2008-3771 Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter. Medium Aug 25, 2008
CVE-2008-3770 Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_Unchangedsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/Unchangedsdesk/Unchangedsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677. High Aug 25, 2008
CVE-2008-3769 PHP remote file inclusion vulnerability in admin/create_order_Unchanged.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter. Medium Aug 25, 2008
CVE-2008-3768 Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors. High Aug 25, 2008
CVE-2008-3767 SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter. High Aug 25, 2008
CVE-2008-3766 Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages. Medium Aug 25, 2008
CVE-2008-3765 SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3764 Eval injection vulnerability in chat.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters. High Aug 22, 2008
CVE-2008-3763 Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file. Medium Aug 22, 2008
CVE-2008-3762 SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. High Aug 22, 2008
CVE-2008-3761 hcmon.sys in VMware Workstation 6.0.0.45731 uses the METHOD_NEITHER communication method for IOCTLs, which has an unknown impact (possibly crash) and local attack vectors via a crafted IOCTL request. Medium Aug 22, 2008
CVE-2008-3760 Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to trigger the logout of other users via a link or IMG tag to the SignOutNow action in people.php. Medium Aug 22, 2008
CVE-2008-3759 Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. High Aug 22, 2008
CVE-2008-3758 Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the UnchangedPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information. Medium Aug 22, 2008
CVE-2008-3757 SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3756 SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3755 SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter. High Aug 22, 2008
CVE-2008-3754 SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3753 SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3752 SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3751 SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3750 SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3749 SQL injection vulnerability in tr.php in Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3748 SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter. High Aug 22, 2008
CVE-2008-3747 The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. High Aug 27, 2008
CVE-2008-3746 neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication and Digest domain parameter support. Medium Aug 27, 2008
CVE-2008-3745 The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. Medium Aug 27, 2008
CVE-2008-3744 Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to (1) add or (2) delete user access rules as administrators via an unspecified URL. Medium Aug 27, 2008
CVE-2008-3743 Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. Medium Aug 27, 2008
CVE-2008-3742 Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. Medium Aug 27, 2008
CVE-2008-3741 The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML. Low Aug 27, 2008
CVE-2008-3740 Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium Aug 27, 2008
CVE-2008-3739 Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences. Medium Aug 28, 2008
CVE-2008-3738 Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. Medium Aug 28, 2008
CVE-2008-3737 Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact. High Aug 28, 2008
CVE-2008-3736 Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to (a) change passwords or (b) change configurations as arbitrary users via unspecified vectors. Medium Aug 28, 2008
CVE-2008-3735 Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action. Medium Aug 22, 2008
CVE-2008-3734 Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). High Aug 22, 2008
CVE-2008-3733 Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element. High Aug 21, 2008
CVE-2008-3732 Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. High Aug 21, 2008
CVE-2008-3731 Unspecified vulnerability in Serv-U File Server 7.x before 7.2.0.1 allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. Medium Aug 21, 2008
CVE-2008-3730 Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium Aug 21, 2008
CVE-2008-3729 Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. High Aug 21, 2008
CVE-2008-3728 Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/. Medium Aug 21, 2008
CVE-2008-3727 Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Medium Aug 21, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online