Total
3233 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2023-12-10 | 7.5 HIGH | N/A |
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | |||||
CVE-2008-7046 | 1 Ajsquare | 1 Free Polling Script | 2023-12-10 | 6.4 MEDIUM | N/A |
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-2070 | 1 Opera | 1 Opera Browser | 2023-12-10 | 6.8 MEDIUM | N/A |
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
CVE-2008-2347 | 1 Mypicgallery | 1 Mypicgallery | 2023-12-10 | 7.5 HIGH | N/A |
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php. | |||||
CVE-2009-0256 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | |||||
CVE-2008-6719 | 1 Uochm | 1 Justlistit | 2023-12-10 | 7.5 HIGH | N/A |
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php. | |||||
CVE-2008-7006 | 1 Phpversion | 1 Php Vx Guestbook | 2023-12-10 | 5.0 MEDIUM | N/A |
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php. | |||||
CVE-2009-2231 | 1 Mid.as | 1 Midas | 2023-12-10 | 7.5 HIGH | N/A |
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. | |||||
CVE-2008-6039 | 1 Bluepage | 1 Bluepage Cms | 2023-12-10 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
CVE-2008-3815 | 1 Cisco | 2 Asa 5500, Pix | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. | |||||
CVE-2009-1504 | 1 Xigla | 1 Absolute Control Panel Xe | 2023-12-10 | 7.5 HIGH | N/A |
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1." | |||||
CVE-2008-3264 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2023-12-10 | 7.8 HIGH | N/A |
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. | |||||
CVE-2008-3317 | 1 Maian Script World | 1 Maian Search | 2023-12-10 | 7.5 HIGH | N/A |
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. | |||||
CVE-2009-2863 | 1 Cisco | 1 Ios | 2023-12-10 | 7.1 HIGH | N/A |
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | |||||
CVE-2008-5082 | 1 Redhat | 2 Dogtag Certificate System, Certificate System | 2023-12-10 | 6.0 MEDIUM | N/A |
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. | |||||
CVE-2009-1617 | 1 Teraway | 1 Linktracker | 2023-12-10 | 7.5 HIGH | N/A |
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie. | |||||
CVE-2008-6815 | 1 Myktools | 1 Myktools | 2023-12-10 | 5.0 MEDIUM | N/A |
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup. | |||||
CVE-2009-1390 | 3 Gnu, Mutt, Openssl | 3 Gnutls, Mutt, Openssl | 2023-12-10 | 6.8 MEDIUM | N/A |
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | |||||
CVE-2009-3923 | 1 Sun | 2 Virtual Desktop Infrastructure, Virtualbox | 2023-12-10 | 7.5 HIGH | N/A |
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server. | |||||
CVE-2009-0360 | 1 Eyrie | 1 Pam-krb5 | 2023-12-10 | 6.2 MEDIUM | N/A |
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. |