Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 223531 entries
IDDescriptionPriorityModified date
CVE-2008-4516 SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter. High Oct 9, 2008
CVE-2008-4515 Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. High Oct 9, 2008
CVE-2008-4514 The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. Medium Oct 9, 2008
CVE-2008-4513 Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags. Medium Oct 9, 2008
CVE-2008-4512 ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. Medium Oct 9, 2008
CVE-2008-4511 Todd Woolums ASP Unchangeds Management, possibly 2.21, stores db/Unchangeds.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. Medium Oct 9, 2008
CVE-2008-4510 Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. Medium Oct 9, 2008
CVE-2008-4509 Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. High Oct 9, 2008
CVE-2008-4508 Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. NOTE: this is probably a different vulnerability than CVE-2005-2210. High Oct 9, 2008
CVE-2008-4507 Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors. High Oct 9, 2008
CVE-2008-4506 Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to demote or delete a place superuser group via unknown vectors. High Oct 11, 2008
CVE-2008-4505 Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a nonstandard URL argument to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability. High Oct 9, 2008
CVE-2008-4504 Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assisted remote attackers to execute arbitrary code via an M3u file with a long entry. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Oct 9, 2008
CVE-2008-4503 The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to clickjacking. Medium Oct 11, 2008
CVE-2008-4502 Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/. High Oct 9, 2008
CVE-2008-4501 Directory traversal vulnerability in the FTP server in Serv-U 7.3, and 7.2.0.1 and earlier, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command. High Oct 9, 2008
CVE-2008-4500 Serv-U 7.3, and 7.2.0.1 and earlier, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using con:1. Medium Oct 9, 2008
CVE-2008-4499 Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php. High Oct 9, 2008
CVE-2008-4498 SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. High Oct 9, 2008
CVE-2008-4497 SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. High Oct 9, 2008
CVE-2008-4496 SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. High Oct 9, 2008
CVE-2008-4495 SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. High Oct 9, 2008
CVE-2008-4494 SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. High Oct 9, 2008
CVE-2008-4493 Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. Medium Oct 11, 2008
CVE-2008-4492 SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie. High Oct 8, 2008
CVE-2008-4491 Apple Mail.app 3.5 on Mac OS X, when Store draft messages on the server is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. Medium Oct 8, 2008
CVE-2008-4490 Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie. Medium Oct 8, 2008
CVE-2008-4489 Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Oct 10, 2008
CVE-2008-4488 Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Oct 10, 2008
CVE-2008-4487 SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) site_name, (2) email, (3) theme_chosen, (4) hp, (5) c_meta, (6) id, and (7) c_js parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Oct 10, 2008
CVE-2008-4486 Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. High Oct 8, 2008
CVE-2008-4485 Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL. Medium Oct 8, 2008
CVE-2008-4484 main.php in Crux Gallery 1.32 and earlier assumes that the user is an administrator if the name parameter is not users, which allows remote attackers to gain administrative access by setting the name parameter to users, as demonstrated via index.php. Medium Oct 8, 2008
CVE-2008-4483 Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. Medium Oct 8, 2008
CVE-2008-4482 The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file. High Oct 8, 2008
CVE-2008-4481 Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium Oct 8, 2008
CVE-2008-4480 Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. High Oct 15, 2008
CVE-2008-4479 Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. High Oct 15, 2008
CVE-2008-4478 Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. High Oct 15, 2008
CVE-2008-4477 alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file. High Oct 17, 2008
CVE-2008-4476 sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability. High Oct 8, 2008
CVE-2008-4475 ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. High Oct 8, 2008
CVE-2008-4474 freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. High Oct 10, 2008
CVE-2008-4473 Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters. High Oct 20, 2008
CVE-2008-4472 The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. High Oct 7, 2008
CVE-2008-4471 Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via ..\\ sequences in the argument to the SaveAS method. High Oct 7, 2008
CVE-2008-4470 Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname. High Oct 7, 2008
CVE-2008-4469 SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. High Oct 7, 2008
CVE-2008-4468 SQL injection vulnerability in view_Unchangeds.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter. High Oct 7, 2008
CVE-2008-4467 SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. High Oct 7, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online