Search Results (4210 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4167 1 Ezphotogallery 1 Ezphotogallery 2025-04-09 N/A
useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
CVE-2008-4223 1 Apple 1 Mac Os X Server 2025-04-09 N/A
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
CVE-2008-4244 1 Rianxosencabos Cms 1 Rianxosencabos Cms 2025-04-09 N/A
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
CVE-2008-4319 1 Libra File Manager 1 Php Filemanager 2025-04-09 N/A
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
CVE-2008-4679 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.
CVE-2008-4689 1 Mantis 1 Mantis 2025-04-09 N/A
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
CVE-2008-4708 1 Sylvain Pasquet 1 Bbzl.php 2025-04-09 N/A
BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1.
CVE-2008-4714 1 Atomic Photo Album 1 Atomic Photo Album 2025-04-09 N/A
Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.
CVE-2008-4721 1 Php Jabbers 1 Post Comment 2025-04-09 N/A
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
CVE-2008-4722 1 Sun 37 Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System and 34 more 2025-04-09 N/A
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.
CVE-2008-4752 1 Tech Logic 1 Tlnews 2025-04-09 N/A
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
CVE-2008-4783 1 Easy-script 1 Tlads 2025-04-09 N/A
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin."
CVE-2008-4784 1 Aflog 1 Aflog 2025-04-09 N/A
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.
CVE-2008-5219 1 Videoscript 1 Videoscript 2025-04-09 N/A
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
CVE-2008-5221 1 Wportfolio 1 Wportfolio 2025-04-09 N/A
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
CVE-2008-5296 1 Gallery 1 Gallery 2025-04-09 N/A
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
CVE-2008-5355 1 Sun 3 Jdk, Jre, Sdk 2025-04-09 N/A
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
CVE-2008-5407 1 Symantec 1 Backup Exec For Windows Server 2025-04-09 N/A
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.
CVE-2008-5497 1 Bandsitecms 1 Bandsite Cms 2025-04-09 N/A
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
CVE-2008-5558 1 Asterisk 2 Asterisk Business Edition, Open Source 2025-04-09 N/A
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.