Total: 4020 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4722 | 1 Sun | 37 Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System and 34 more | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors. | |||||
| CVE-2008-6455 | 1 Edikon | 1 Phpshop | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0229 | 1 Level One | 1 Wbr-3460a | 2025-04-09 | 10.0 HIGH | N/A |
| The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access. | |||||
| CVE-2008-5964 | 1 Impresscms | 1 Impresscms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2009-0591 | 1 Openssl | 1 Openssl | 2025-04-09 | 2.6 LOW | N/A |
| The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | |||||
| CVE-2008-4427 | 1 Phlatline | 1 Personal Information Manager | 2025-04-09 | 7.5 HIGH | N/A |
| changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. | |||||
| CVE-2009-1825 | 1 Collector | 1 Mycolex | 2025-04-09 | 4.0 MEDIUM | N/A |
| modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | |||||
| CVE-2008-3891 | 1 Google | 1 Google Apps | 2025-04-09 | 7.5 HIGH | N/A |
| The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | |||||
| CVE-2008-5158 | 1 Clientsoftware | 1 Wincome Mpd Total | 2025-04-09 | 7.5 HIGH | N/A |
| Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage." | |||||
| CVE-2007-5113 | 1 Roi Revolution | 1 Urchin | 2025-04-09 | 5.0 MEDIUM | N/A |
| report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112. | |||||
| CVE-2008-6763 | 1 Hypersilence | 1 Silentum Loginsys | 2025-04-09 | 7.5 HIGH | N/A |
| login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username. | |||||
| CVE-2010-0014 | 1 Fedoraproject | 1 Sssd | 2025-04-09 | 3.7 LOW | N/A |
| System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT. | |||||
| CVE-2008-6092 | 1 Phpscripts | 1 Ranking-script | 2025-04-09 | 7.5 HIGH | N/A |
| phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. | |||||
| CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2009-2863 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
| Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | |||||
| CVE-2008-4784 | 1 Aflog | 1 Aflog | 2025-04-09 | 7.5 HIGH | N/A |
| aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | |||||
| CVE-2007-5797 | 1 Apache | 1 Geronimo | 2025-04-09 | 7.5 HIGH | N/A |
| SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | |||||
| CVE-2007-5374 | 1 Lightblog | 1 Lightblog | 2025-04-09 | 6.5 MEDIUM | N/A |
| cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | |||||
| CVE-2009-0440 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | 6.5 MEDIUM | N/A |
| IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." | |||||
| CVE-2009-1489 | 1 Rens Rikkerink | 1 Fungamez | 2025-04-09 | 7.5 HIGH | N/A |
| includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter. | |||||
