Total
3369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2730 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | |||||
| CVE-2008-2705 | 1 Sun | 1 Java System Access Manager | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | |||||
| CVE-2008-2524 | 1 Blogphp | 1 Blogphp | 2024-11-21 | 5.0 MEDIUM | N/A |
| BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | |||||
| CVE-2008-2516 | 1 Libpam-pgsql | 1 Libpam-pgsql | 2024-11-21 | 4.6 MEDIUM | N/A |
| pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration. | |||||
| CVE-2008-2406 | 1 Sun | 1 Java Asp Server | 2024-11-21 | 7.5 HIGH | N/A |
| The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. | |||||
| CVE-2008-2347 | 1 Mypicgallery | 1 Mypicgallery | 2024-11-21 | 7.5 HIGH | N/A |
| MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php. | |||||
| CVE-2008-2298 | 1 Sourceforge | 1 Web Slider | 2024-11-21 | 7.5 HIGH | N/A |
| Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1. | |||||
| CVE-2008-2282 | 1 Thomas Voecking | 1 Internet Photoshow | 2024-11-21 | 7.5 HIGH | N/A |
| admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true. | |||||
| CVE-2008-2269 | 1 Kevin Ludlow | 1 Austinsmoke Gastracker | 2024-11-21 | 7.5 HIGH | N/A |
| AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE. | |||||
| CVE-2008-1971 | 1 Phphq | 1 Phshoutbox Final | 2024-11-21 | 7.5 HIGH | N/A |
| phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php. | |||||
| CVE-2008-1949 | 1 Gnu | 1 Gnutls | 2024-11-21 | 9.3 HIGH | N/A |
| The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. | |||||
| CVE-2008-1938 | 1 Sony | 1 Mylo Com 2 | 2024-11-21 | 6.4 MEDIUM | N/A |
| Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. | |||||
| CVE-2008-1930 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 7.5 HIGH | N/A |
| The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. | |||||
| CVE-2008-1904 | 1 Cicoandcico | 1 Ccmail | 2024-11-21 | 7.5 HIGH | N/A |
| Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie. | |||||
| CVE-2008-1897 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923. | |||||
| CVE-2008-1883 | 1 Blackboard | 1 Blackboard Academic Suite | 2024-11-21 | 6.8 MEDIUM | N/A |
| The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string. | |||||
| CVE-2008-1868 | 1 Pixel Motion | 1 Pixel Motion Blog | 2024-11-21 | 7.5 HIGH | N/A |
| admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information. | |||||
| CVE-2008-1727 | 1 Myknowledgequest | 1 Knowledgequest | 2024-11-21 | 7.5 HIGH | N/A |
| KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. | |||||
| CVE-2008-1528 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2024-11-21 | 4.0 MEDIUM | N/A |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys. | |||||