Total
3930 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1897 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923. | |||||
| CVE-2009-0046 | 1 Sun | 1 Grid Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2007-5391 | 1 Hp | 1 Select Identity | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. | |||||
| CVE-2009-3421 | 1 Zenas | 1 Pao-bacheca Guestbook | 2025-04-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | |||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 7.5 HIGH | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||||
| CVE-2008-2282 | 1 Thomas Voecking | 1 Internet Photoshow | 2025-04-09 | 7.5 HIGH | N/A |
| admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true. | |||||
| CVE-2009-0864 | 1 Matteoiammarrone | 1 S-cms | 2025-04-09 | 7.5 HIGH | N/A |
| S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | |||||
| CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2007-5162 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 4.3 MEDIUM | N/A |
| The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. | |||||
| CVE-2006-6997 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Standard | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792. | |||||
| CVE-2009-2505 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2025-04-09 | 10.0 HIGH | N/A |
| The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability." | |||||
| CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2025-04-09 | 9.3 HIGH | N/A |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||||
| CVE-2008-6667 | 1 Marc Melvin | 1 A\+ Php Scripts News Management System | 2025-04-09 | 7.5 HIGH | N/A |
| A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. | |||||
| CVE-2007-3988 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2009-0021 | 1 Ntp | 1 Ntp | 2025-04-09 | 5.0 MEDIUM | N/A |
| NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0124 | 1 Arrl | 1 Tqsllib | 2025-04-09 | 5.0 MEDIUM | N/A |
| The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2007-2243 | 1 Openbsd | 1 Openssh | 2025-04-09 | 5.0 MEDIUM | N/A |
| OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. | |||||
| CVE-2008-4714 | 1 Atomic Photo Album | 1 Atomic Photo Album | 2025-04-09 | 7.5 HIGH | N/A |
| Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies. | |||||
| CVE-2008-0210 | 1 Uebimiau | 1 Webmail | 2025-04-09 | 6.4 MEDIUM | N/A |
| Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140. | |||||
| CVE-2008-3729 | 1 Microworld Technologies | 1 Mailscan | 2025-04-09 | 7.5 HIGH | N/A |
| Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. | |||||