Total: 3930 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6581 | 1 Phpaddedit | 1 Phpaddedit | 2025-04-09 | 7.5 HIGH | N/A |
| login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | |||||
| CVE-2009-3623 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request. | |||||
| CVE-2008-2730 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | |||||
| CVE-2008-1106 | 2 Akamai Technologies, Red Swoosh | 2 Client, Client | 2025-04-09 | 7.1 HIGH | N/A |
| The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. | |||||
| CVE-2007-6145 | 1 Hitachi | 1 Jp1 File Transmission Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. | |||||
| CVE-2008-0926 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.5 HIGH | N/A |
| The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. | |||||
| CVE-2007-6384 | 1 Bea | 1 Weblogic Mobility Server | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. | |||||
| CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2025-04-09 | 9.4 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | |||||
| CVE-2008-3033 | 1 Rss Aggregator | 1 Rss Aggregator | 2025-04-09 | 9.3 HIGH | N/A |
| RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php. | |||||
| CVE-2009-3923 | 1 Sun | 2 Virtual Desktop Infrastructure, Virtualbox | 2025-04-09 | 7.5 HIGH | N/A |
| The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server. | |||||
| CVE-2008-1868 | 1 Pixel Motion | 1 Pixel Motion Blog | 2025-04-09 | 7.5 HIGH | N/A |
| admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information. | |||||
| CVE-2008-4708 | 1 Sylvain Pasquet | 1 Bbzl.php | 2025-04-09 | 7.5 HIGH | N/A |
| BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1. | |||||
| CVE-2009-2072 | 1 Apple | 1 Safari | 2025-04-09 | 5.4 MEDIUM | N/A |
| Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server. | |||||
| CVE-2009-2233 | 1 Awscripts | 1 Gallery Search Engine | 2025-04-09 | 7.5 HIGH | N/A |
| The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | |||||
| CVE-2008-6553 | 1 Impliedbydesign | 1 Micro-cms | 2025-04-09 | 7.5 HIGH | N/A |
| microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action. | |||||
| CVE-2007-5770 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.0 MEDIUM | N/A |
| The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. | |||||
| CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2008-4515 | 1 Blue Coat Systems | 1 K9 Web Protection | 2025-04-09 | 7.5 HIGH | N/A |
| Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. | |||||
| CVE-2008-6045 | 1 Xt-commerce | 1 Xt-commerce | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. | |||||
| CVE-2008-0330 | 1 Radiator | 1 Radius Server | 2025-04-09 | 7.8 HIGH | N/A |
| Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. | |||||
