Total
3618 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0466 | 1 Webwiz | 3 Web Wiz Forums, Web Wiz Newspad, Web Wiz Rich Text Editor | 2025-04-09 | 5.0 MEDIUM | N/A |
| Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability. | |||||
| CVE-2007-5057 | 1 Netsupport | 1 Netsupport Manager Client | 2025-04-09 | 10.0 HIGH | N/A |
| NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager. | |||||
| CVE-2007-3597 | 1 Zen Cart | 1 Zen Cart | 2025-04-09 | 8.5 HIGH | N/A |
| Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||||
| CVE-2007-1951 | 1 Onelook | 1 Oboshop | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2008-6854 | 1 Xigla | 1 Absolute Faq Manager .net | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2007-2719 | 1 Hp | 1 Systems Insight Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie. | |||||
| CVE-2007-4548 | 1 Apache | 1 Geronimo | 2025-04-09 | 10.0 HIGH | N/A |
| The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module. | |||||
| CVE-2008-6916 | 2 John Doe, Siemens | 2 Netport Software, Speedstream 5200 | 2025-04-09 | 10.0 HIGH | N/A |
| Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. | |||||
| CVE-2008-1938 | 1 Sony | 1 Mylo Com 2 | 2025-04-09 | 6.4 MEDIUM | N/A |
| Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. | |||||
| CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2025-04-09 | 5.0 MEDIUM | N/A |
| SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-1629 | 1 Antony Lesuisse | 1 Ajaxterm | 2025-04-09 | 6.8 MEDIUM | N/A |
| ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack. | |||||
| CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2025-04-09 | 7.5 HIGH | N/A |
| The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | |||||
| CVE-2008-7027 | 1 Libra File Manager | 1 Php Filemanager | 2025-04-09 | 7.5 HIGH | N/A |
| Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. | |||||
| CVE-2009-0669 | 1 Zope | 1 Zodb | 2025-04-09 | 7.5 HIGH | N/A |
| Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. | |||||
| CVE-2009-0440 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | 6.5 MEDIUM | N/A |
| IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." | |||||
| CVE-2008-6856 | 1 Xigla | 1 Absolute News Manager.net | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 7.5 HIGH | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||||
| CVE-2008-6667 | 1 Marc Melvin | 1 A\+ Php Scripts News Management System | 2025-04-09 | 7.5 HIGH | N/A |
| A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. | |||||
| CVE-2009-0130 | 1 Erlang | 1 Erlang | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid. | |||||
| CVE-2009-0049 | 1 Eid | 1 Eidlib | 2025-04-09 | 5.0 MEDIUM | N/A |
| Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||