Total
4197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5809 | 1 Futomi | 1 Access Analyzer Cgi | 2025-04-09 | N/A |
| futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. | ||||
| CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2025-04-09 | N/A |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-2298 | 1 Sourceforge | 1 Web Slider | 2025-04-09 | N/A |
| Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1. | ||||
| CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2025-04-09 | N/A |
| SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | ||||
| CVE-2008-5575 | 1 Proclanmanager | 1 Pro Clan Manager | 2025-04-09 | N/A |
| Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-5945 | 1 Nukevietcms | 1 Nukeviet | 2025-04-09 | N/A |
| Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0229 | 1 Level One | 1 Wbr-3460a | 2025-04-09 | N/A |
| The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access. | ||||
| CVE-2009-0591 | 1 Openssl | 1 Openssl | 2025-04-09 | N/A |
| The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | ||||
| CVE-2007-6006 | 1 Testlink | 1 Testlink | 2025-04-09 | N/A |
| TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | ||||
| CVE-2008-7041 | 1 Ajsquare | 1 Aj Classifieds | 2025-04-09 | N/A |
| AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php. | ||||
| CVE-2008-6723 | 1 Turnkeyforms | 1 Entertainment Portal | 2025-04-09 | N/A |
| TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator. | ||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | ||||
| CVE-2008-3579 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2025-04-09 | N/A |
| Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3318 | 1 Maian | 1 Weblog | 2025-04-09 | N/A |
| admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. | ||||
| CVE-2007-5113 | 1 Roi Revolution | 1 Urchin | 2025-04-09 | N/A |
| report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112. | ||||
| CVE-2008-5296 | 1 Gallery | 1 Gallery | 2025-04-09 | N/A |
| Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2505 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2025-04-09 | N/A |
| The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability." | ||||
| CVE-2008-4146 | 1 Addalink | 1 Addalink | 2025-04-09 | N/A |
| Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. | ||||
| CVE-2009-4128 | 1 Gnu | 1 Grub 2 | 2025-04-09 | N/A |
| GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. | ||||
| CVE-2008-6045 | 1 Xt-commerce | 1 Xt-commerce | 2025-04-09 | N/A |
| Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. | ||||