Total: 3242 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7019 | 1 Esqlanelapse | 1 Esqlanelapse | 2023-12-10 | 7.5 HIGH | N/A |
Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies. | |||||
CVE-2008-1883 | 1 Blackboard | 1 Blackboard Academic Suite | 2023-12-10 | 6.8 MEDIUM | N/A |
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string. | |||||
CVE-2009-1618 | 1 Teraway | 1 Livehelp | 2023-12-10 | 7.5 HIGH | N/A |
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie. | |||||
CVE-2008-6707 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2023-12-10 | 6.4 MEDIUM | N/A |
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help." | |||||
CVE-2008-3610 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.6 HIGH | N/A |
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | |||||
CVE-2008-4146 | 1 Addalink | 1 Addalink | 2023-12-10 | 5.0 MEDIUM | N/A |
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. | |||||
CVE-2008-4622 | 1 Phpfastnews | 1 Phpfastnews | 2023-12-10 | 7.5 HIGH | N/A |
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. | |||||
CVE-2009-0614 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2023-12-10 | 9.0 HIGH | N/A |
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. | |||||
CVE-2009-2040 | 1 Grestul | 1 Grestul | 2023-12-10 | 7.5 HIGH | N/A |
admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. | |||||
CVE-2008-1971 | 1 Phphq | 1 Phshoutbox Final | 2023-12-10 | 7.5 HIGH | N/A |
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php. | |||||
CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2023-12-10 | 7.5 HIGH | N/A |
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2023-12-10 | 7.5 HIGH | N/A |
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | |||||
CVE-2008-6858 | 1 Xigla | 1 Absolute Banner Manager.net | 2023-12-10 | 7.5 HIGH | N/A |
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
CVE-2008-7028 | 1 Aves | 1 Rpg Board | 2023-12-10 | 7.5 HIGH | N/A |
RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value. | |||||
CVE-2009-2063 | 1 Opera | 1 Opera Browser | 2023-12-10 | 6.8 MEDIUM | N/A |
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | |||||
CVE-2008-0706 | 2 Compaq, Hp | 4 Presario A900, Presario C700, G7000 and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. | |||||
CVE-2009-0412 | 1 Interspire | 1 Shopping Cart | 2023-12-10 | 7.5 HIGH | N/A |
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. | |||||
CVE-2008-6440 | 2 Cerberus, Webgroupmedia | 2 Cerberus Helpdesk, Cerberus Helpdesk | 2023-12-10 | 5.0 MEDIUM | N/A |
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. | |||||
CVE-2008-1938 | 1 Sony | 1 Mylo Com 2 | 2023-12-10 | 6.4 MEDIUM | N/A |
Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. | |||||
CVE-2008-1395 | 1 Plone | 1 Plone Cms | 2023-12-10 | 7.5 HIGH | N/A |
Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session. |