Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3754 | 1 Apple | 2 Iphone, Iphone Os | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. | |||||
| CVE-2008-3905 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.8 MEDIUM | N/A |
| resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||||
| CVE-2008-0403 | 1 Belkin | 1 F5d9230-4 | 2025-04-09 | 5.5 MEDIUM | N/A |
| The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi. | |||||
| CVE-2009-1580 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-09 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | |||||
| CVE-2009-3231 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 6 Ubuntu Linux, Fedora, Opensuse and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. | |||||
| CVE-2007-4747 | 1 Cisco | 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software | 2025-04-09 | 10.0 HIGH | N/A |
| The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729. | |||||
| CVE-2008-7006 | 1 Phpversion | 1 Php Vx Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php. | |||||
| CVE-2008-6664 | 1 Yarck | 1 Sh-news | 2025-04-09 | 7.5 HIGH | N/A |
| action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values. | |||||
| CVE-2008-6445 | 1 Yourplace | 1 Yourplace | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0706 | 2 Compaq, Hp | 4 Presario A900, Presario C700, G7000 and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. | |||||
| CVE-2007-1480 | 1 Creative Guestbook | 1 Creative Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set. | |||||
| CVE-2008-6455 | 1 Edikon | 1 Phpshop | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2833 | 1 Worldlevel | 1 Le.cms | 2025-04-09 | 10.0 HIGH | N/A |
| admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters. | |||||
| CVE-2008-4576 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. | |||||
| CVE-2008-6965 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | 7.5 HIGH | N/A |
| AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors. | |||||
| CVE-2008-2406 | 1 Sun | 1 Java Asp Server | 2025-04-09 | 7.5 HIGH | N/A |
| The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. | |||||
| CVE-2008-7051 | 1 Ajsquare | 1 Aj Article | 2025-04-09 | 7.5 HIGH | N/A |
| AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/. | |||||
| CVE-2008-6707 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help." | |||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | |||||
| CVE-2008-3411 | 1 Axesstel | 1 Akw-d800 | 2025-04-09 | 10.0 HIGH | N/A |
| The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests. | |||||