High

DATE	CVE	VULNERABILITY TITLE	RISK
2013-03-20	CVE-2013-0711	Improper Input Validation vulnerability in Windriver Vxworks IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request. network low complexity windriver CWE-20	7.8
2010-08-05	CVE-2010-2968	Permissions, Privileges, and Access Controls vulnerability in Windriver Vxworks The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. network low complexity windriver CWE-264	7.8
2010-08-05	CVE-2010-2967	Cryptographic Issues vulnerability in Windriver Vxworks The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. network low complexity windriver CWE-310	7.8
2010-08-05	CVE-2010-2966	Credentials Management vulnerability in Windriver Vxworks The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. network low complexity windriver CWE-255	7.8
2007-09-18	CVE-2007-4938	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. network high complexity apple hp ibm linux mandrakesoft microsoft santa-cruz-operation sun windriver mplayer sgi CWE-119	7.6
2007-02-23	CVE-2006-7034	SQL-Injection vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0 SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. network low complexity apple hp ibm linux microsoft santa-cruz-operation sun windriver super-link-exchange-script	7.5
2007-02-21	CVE-2007-1043	Authentication Bypass vulnerability in Ezboo Webstats 3.0.3 Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. network low complexity apple hp ibm linux microsoft santa-cruz-operation sun windriver ezboo	7.5