Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 219631 entries
IDDescriptionPriorityModified date
CVE-2008-5850 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was originally recorded for a SPLAT Remote Root Exploit that was claimed to exist for Check Point SmartCenter. The claim has no actionable details and was disclosed by a person of unknown reliability who did not coordinate with the vendor. No people of known reliability have confirmed the original claim. The vendor has not indicated that they are aware of any vulnerability. Since the claim has no actionable details or independent verification, it is outside the scope of CVE according to current inclusion criteria. REJECT Jan 15, 2009
CVE-2008-5849 Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264. Medium Jan 6, 2009
CVE-2008-5848 The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module\'s Modbus/TCP I/O activity. High Jan 6, 2009
CVE-2008-5847 Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column. Low Jan 6, 2009
CVE-2008-5846 Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a system-wide entry listing screen. Medium Jan 9, 2009
CVE-2008-5845 Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template. Medium Jan 6, 2009
CVE-2008-5844 PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks. High Jan 9, 2009
CVE-2008-5843 Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a Trojan horse program in (1) the current working directory or (2) /var/tmp, related to the (a) pdf90, (b) pdfjoin, and (c) pdfnup scripts. Medium Jan 6, 2009
CVE-2008-5842 Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified dynamic application. Medium Jan 6, 2009
CVE-2008-5841 Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action. High Jan 5, 2009
CVE-2008-5840 PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1. High Jan 5, 2009
CVE-2008-5839 Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element. High Jan 5, 2009
CVE-2008-5838 SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. High Jan 5, 2009
CVE-2008-5828 Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. Medium Jan 5, 2009
CVE-2008-5827 The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag. High Jan 5, 2009
CVE-2008-5826 The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI. High Jan 5, 2009
CVE-2008-5825 The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone. Low Jan 5, 2009
CVE-2008-5824 Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file. Medium Jan 5, 2009
CVE-2008-5823 An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property. Medium Jan 10, 2009
CVE-2008-5822 Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document. Medium Jan 5, 2009
CVE-2008-5821 Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. Medium Jan 10, 2009
CVE-2008-5820 SQL injection vulnerability in eDUnchangeds_view.php in eDreamers eDUnchangeds 2 allows remote attackers to execute arbitrary SQL commands via the Unchangedsid parameter. High Jan 5, 2009
CVE-2008-5819 Directory traversal vulnerability in eDUnchangeds_archive.php in eDreamers eDUnchangeds 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information. Medium Jan 5, 2009
CVE-2008-5818 Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information. Medium Jan 5, 2009
CVE-2008-5817 Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action. Medium Jan 5, 2009
CVE-2008-5816 SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter. High Jan 5, 2009
CVE-2008-5815 SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter. High Jan 5, 2009
CVE-2008-5814 Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. Low Jan 5, 2009
CVE-2008-5813 SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information. High Jan 5, 2009
CVE-2008-5812 Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors. High Jan 5, 2009
CVE-2008-5811 SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php. High Jan 5, 2009
CVE-2008-5810 WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs. High Jan 5, 2009
CVE-2008-5809 futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. Medium Jan 5, 2009
CVE-2008-5808 Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to application management. Medium Jan 2, 2009
CVE-2008-5807 Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl. Medium Jan 2, 2009
CVE-2008-5806 SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information. High Dec 31, 2008
CVE-2008-5805 SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828. High Dec 31, 2008
CVE-2008-5804 SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. High Dec 31, 2008
CVE-2008-5803 SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information. High Jan 2, 2009
CVE-2008-5802 SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. High Dec 31, 2008
CVE-2008-5801 Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. High Jan 2, 2009
CVE-2008-5800 SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. High Jan 2, 2009
CVE-2008-5799 Cross-site scripting (XSS) vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium Dec 31, 2008
CVE-2008-5798 SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. High Dec 31, 2008
CVE-2008-5797 SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. High Dec 31, 2008
CVE-2008-5796 SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. High Dec 31, 2008
CVE-2008-5795 Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium Nov 13, 2008
CVE-2008-5794 Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. Medium Dec 31, 2008
CVE-2008-5793 Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php. Medium Dec 31, 2008
CVE-2008-5792 PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue. Medium Dec 31, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online