Total: 3232 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6601 | 3 Debian, Fedoraproject, Postgresql | 3 Debian Linux, Fedora, Postgresql | 2023-12-10 | 7.2 HIGH | N/A |
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. | |||||
CVE-2008-0466 | 1 Webwiz | 3 Web Wiz Forums, Web Wiz Newspad, Web Wiz Rich Text Editor | 2023-12-10 | 5.0 MEDIUM | N/A |
Web Wiz RTE_file_browser.asp, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability. | |||||
CVE-2008-0410 | 1 Hfs | 1 Http File Server | 2023-12-10 | 5.0 MEDIUM | N/A |
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. | |||||
CVE-2008-1244 | 1 Belkin | 1 F5d7230-4 | 2023-12-10 | 10.0 HIGH | N/A |
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. | |||||
CVE-2008-0823 | 1 Drupal | 1 Header Image | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | |||||
CVE-2007-2277 | 1 Plogger | 1 Plogger | 2023-12-10 | 7.5 HIGH | N/A |
Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
CVE-2008-0476 | 1 Manageengine | 1 Applications Manager | 2023-12-10 | 6.4 MEDIUM | N/A |
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2243 | 1 Openbsd | 1 Openssh | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. | |||||
CVE-2007-4419 | 1 Olate | 1 Olatedownload | 2023-12-10 | 9.3 HIGH | N/A |
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. | |||||
CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2023-12-10 | 7.5 HIGH | N/A |
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
CVE-2008-1262 | 1 Airspan | 1 Wimax Prost | 2023-12-10 | 10.0 HIGH | N/A |
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/. | |||||
CVE-2006-6783 | 1 Logahead | 1 Logahead Unu | 2023-12-10 | 7.5 HIGH | N/A |
logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0150 | 1 Aruba Networks | 1 Aruba Mobility Controllers | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access. | |||||
CVE-2006-2380 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." | |||||
CVE-2005-4861 | 1 Jasio.net | 1 Ragnarok Online Control Panel | 2023-12-10 | 7.5 HIGH | N/A |
functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | |||||
CVE-2006-3583 | 1 Jetbox | 1 Jetbox Cms | 2023-12-10 | 7.5 HIGH | N/A |
Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | |||||
CVE-2005-1957 | 1 Adam Mmedici | 1 File Upload Manager | 2023-12-10 | 7.5 HIGH | N/A |
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. | |||||
CVE-2005-1020 | 1 Cisco | 1 Ios | 2023-12-10 | 7.1 HIGH | N/A |
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | |||||
CVE-2006-4244 | 1 Sql-ledger | 1 Sql-ledger | 2023-12-10 | 7.5 HIGH | N/A |
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value. | |||||
CVE-2006-2113 | 2 Dell, Fuji Xerox | 19 3000cn, 3010cn, 3100cn and 16 more | 2023-12-10 | 6.4 MEDIUM | N/A |
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. |