Total: 3240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2008-7045 | 1 Ajsquare | 1 Free Polling Script | 2023-12-10 | 6.4 MEDIUM | N/A | AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php.
CVE-2008-1238 | 1 Mozilla | 2 Firefox, Seamonkey | 2023-12-10 | 5.0 MEDIUM | N/A | Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.
CVE-2009-2069 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 5.8 MEDIUM | N/A | Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
CVE-2008-7041 | 1 Ajsquare | 1 Aj Classifieds | 2023-12-10 | 7.5 HIGH | N/A | AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
CVE-2008-6523 | 1 Cale Dunlap | 1 Openinvoice | 2023-12-10 | 7.5 HIGH | N/A | auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
CVE-2008-5964 | 1 Impresscms | 1 Impresscms | 2023-12-10 | 6.8 MEDIUM | N/A | Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2009-3423 | 1 Zenas | 1 Paolink | 2023-12-10 | 6.8 MEDIUM | N/A | login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
CVE-2008-6092 | 1 Phpscripts | 1 Ranking-script | 2023-12-10 | 7.5 HIGH | N/A | phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
CVE-2008-3611 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.3 MEDIUM | N/A | Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
CVE-2008-5708 | 1 Slimcms | 1 Slimcms | 2023-12-10 | 7.5 HIGH | N/A | redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
CVE-2008-0536 | 2 Cisco, Icon-labs | 2 Service Control Engine, Iconfidant Ssh | 2023-12-10 | 7.8 HIGH | N/A | Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
CVE-2008-6854 | 1 Xigla | 1 Absolute Faq Manager .net | 2023-12-10 | 7.5 HIGH | N/A | Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-3814 | 1 Cisco | 1 Unity | 2023-12-10 | 5.8 MEDIUM | N/A | Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
CVE-2008-3428 | 1 Phpfreechat | 1 Phpfreechat | 2023-12-10 | 6.5 MEDIUM | N/A | Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
CVE-2009-0128 | 1 Llnl | 1 Slurm | 2023-12-10 | 5.0 MEDIUM | N/A | plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2008-3319 | 1 Maian | 1 Links | 2023-12-10 | 7.5 HIGH | N/A | admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
CVE-2009-2060 | 1 Google | 1 Chrome | 2023-12-10 | 5.8 MEDIUM | N/A | src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVE-2009-3966 | 1 Arcadetradescript | 1 Arcade Trade Script | 2023-12-10 | 7.5 HIGH | N/A | Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
CVE-2009-3862 | 1 Novell | 1 Edirectory | 2023-12-10 | 5.0 MEDIUM | N/A | The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.
CVE-2008-5219 | 1 Videoscript | 1 Videoscript | 2023-12-10 | 7.5 HIGH | N/A | The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.