Total: 3371 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5809 | 1 Futomi | 1 Access Analyzer Cgi | 2024-11-21 | 5.8 MEDIUM | N/A |
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. | |||||
CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2024-11-21 | 7.5 HIGH | N/A |
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2024-11-21 | 5.0 MEDIUM | N/A |
SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | |||||
CVE-2008-5708 | 1 Slimcms | 1 Slimcms | 2024-11-21 | 7.5 HIGH | N/A |
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1. | |||||
CVE-2008-5692 | 1 Ipswitch | 1 Ws Ftp | 2024-11-21 | 5.0 MEDIUM | N/A |
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | |||||
CVE-2008-5686 | 1 Ibm | 1 Tivoli Provisioning Manager | 2024-11-21 | 8.5 HIGH | N/A |
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. | |||||
CVE-2008-5576 | 1 Scssboard | 1 Scssboard | 2024-11-21 | 7.5 HIGH | N/A |
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter. | |||||
CVE-2008-5575 | 1 Proclanmanager | 1 Pro Clan Manager | 2024-11-21 | 7.5 HIGH | N/A |
Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
CVE-2008-5558 | 1 Asterisk | 2 Asterisk Business Edition, Open Source | 2024-11-21 | 4.3 MEDIUM | N/A |
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching. | |||||
CVE-2008-5497 | 1 Bandsitecms | 1 Bandsite Cms | 2024-11-21 | 7.5 HIGH | N/A |
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. | |||||
CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2024-11-21 | 9.4 HIGH | N/A |
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | |||||
CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 10.0 HIGH | N/A |
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | |||||
CVE-2008-5296 | 1 Gallery | 1 Gallery | 2024-11-21 | 6.8 MEDIUM | N/A |
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access via unspecified cookies. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2024-11-21 | 7.5 HIGH | N/A |
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | |||||
CVE-2008-5219 | 1 Videoscript | 1 Videoscript | 2024-11-21 | 7.5 HIGH | N/A |
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters. | |||||
CVE-2008-5158 | 1 Clientsoftware | 1 Wincome Mpd Total | 2024-11-21 | 7.5 HIGH | N/A |
Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage." | |||||
CVE-2008-5125 | 1 Castillocentral | 1 Ccleague | 2024-11-21 | 6.8 MEDIUM | N/A |
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | |||||
CVE-2008-5124 | 1 Jscape | 1 Secure Ftp Applet | 2024-11-21 | 7.5 HIGH | N/A |
JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks. | |||||
CVE-2008-5082 | 1 Redhat | 2 Dogtag Certificate System, Certificate System | 2024-11-21 | 6.0 MEDIUM | N/A |
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. | |||||
CVE-2008-5065 | 1 Easy-script | 1 Tlguesbook | 2024-11-21 | 7.5 HIGH | N/A |
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin. |