Total
3212 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4784 | 1 Aflog | 1 Aflog | 2023-12-10 | 7.5 HIGH | N/A |
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | |||||
CVE-2008-6738 | 1 Mark Girling | 1 Myshoutpro | 2023-12-10 | 7.5 HIGH | N/A |
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1. | |||||
CVE-2008-3503 | 1 Webgui | 1 Plain Black Webgui | 2023-12-10 | 5.0 MEDIUM | N/A |
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | |||||
CVE-2009-2257 | 1 Netgear | 1 Dg632 | 2023-12-10 | 7.8 HIGH | N/A |
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | |||||
CVE-2008-2269 | 1 Kevin Ludlow | 1 Austinsmoke Gastracker | 2023-12-10 | 7.5 HIGH | N/A |
AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE. | |||||
CVE-2008-6856 | 1 Xigla | 1 Absolute News Manager.net | 2023-12-10 | 7.5 HIGH | N/A |
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
CVE-2008-3579 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2023-12-10 | 7.8 HIGH | N/A |
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-2920 | 1 Ezcms | 1 Eztechhelp Ezcms | 2023-12-10 | 7.5 HIGH | N/A |
admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files. | |||||
CVE-2008-1327 | 1 Gallarific | 1 Gallarific | 2023-12-10 | 7.5 HIGH | N/A |
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2003-1574 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 7.5 HIGH | N/A |
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-3033 | 1 Rss Aggregator | 1 Rss Aggregator | 2023-12-10 | 9.3 HIGH | N/A |
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php. | |||||
CVE-2008-6455 | 1 Edikon | 1 Phpshop | 2023-12-10 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-0129 | 1 Perl-openssl | 1 Libcrypt-openssl-dsa-perl | 2023-12-10 | 5.0 MEDIUM | N/A |
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
CVE-2008-7027 | 1 Libra File Manager | 1 Php Filemanager | 2023-12-10 | 7.5 HIGH | N/A |
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. | |||||
CVE-2008-3292 | 1 Ezwebalbum | 1 Ezwebalbum | 2023-12-10 | 6.4 MEDIUM | N/A |
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | |||||
CVE-2009-0653 | 1 Openssl | 1 Openssl | 2023-12-10 | 7.5 HIGH | N/A |
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | |||||
CVE-2008-3375 | 1 Jamroom | 1 Jamroom | 2023-12-10 | 7.5 HIGH | N/A |
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | |||||
CVE-2008-3738 | 1 Spacetag | 1 Lacoodast | 2023-12-10 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2008-5065 | 1 Easy-script | 1 Tlguesbook | 2023-12-10 | 7.5 HIGH | N/A |
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin. | |||||
CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2023-12-10 | 7.5 HIGH | N/A |
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. |