Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3597 | 1 Zen Cart | 1 Zen Cart | 2018-10-15 | 8.5 HIGH | N/A |
| Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||||
| CVE-2016-8380 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2018-10-14 | 7.5 HIGH | 7.3 HIGH |
| The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. | |||||
| CVE-2016-8371 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2018-10-14 | 7.5 HIGH | 7.3 HIGH |
| The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | |||||
| CVE-2013-1337 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 7.5 HIGH | N/A |
| Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability." | |||||
| CVE-2011-0039 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2018-10-12 | 7.2 HIGH | N/A |
| The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability." | |||||
| CVE-2008-4032 | 1 Microsoft | 2 Office Sharepoint Server, Search Server | 2018-10-12 | 7.5 HIGH | N/A |
| Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." | |||||
| CVE-2008-3466 | 1 Microsoft | 3 Host Integration Server 2000, Host Integration Server 2004, Host Integration Server 2006 | 2018-10-12 | 10.0 HIGH | N/A |
| Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." | |||||
| CVE-2009-0280 | 1 Asp-project | 1 Asp-project | 2018-10-11 | 7.5 HIGH | N/A |
| Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | |||||
| CVE-2009-0412 | 1 Interspire | 1 Shopping Cart | 2018-10-11 | 7.5 HIGH | N/A |
| The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. | |||||
| CVE-2009-0360 | 1 Eyrie | 1 Pam-krb5 | 2018-10-11 | 6.2 MEDIUM | N/A |
| Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. | |||||
| CVE-2009-0047 | 1 Gale | 1 Gale | 2018-10-11 | 5.0 MEDIUM | N/A |
| Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0048 | 1 Openevidence | 1 Openevidence | 2018-10-11 | 5.0 MEDIUM | N/A |
| OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0051 | 1 Zxid | 1 Zxid | 2018-10-11 | 5.0 MEDIUM | N/A |
| ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0046 | 1 Sun | 1 Grid Engine | 2018-10-11 | 5.0 MEDIUM | N/A |
| Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0049 | 1 Eid | 1 Eidlib | 2018-10-11 | 5.0 MEDIUM | N/A |
| Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0021 | 1 Ntp | 1 Ntp | 2018-10-11 | 5.0 MEDIUM | N/A |
| NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0025 | 1 Isc | 1 Bind | 2018-10-11 | 6.8 MEDIUM | N/A |
| BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-6816 | 1 Eaton | 1 Network Shutdown Module | 2018-10-11 | 10.0 HIGH | N/A |
| Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | |||||
| CVE-2008-6947 | 1 Collabtive | 1 Collabtive | 2018-10-11 | 7.5 HIGH | N/A |
| Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php. | |||||
| CVE-2008-6039 | 1 Bluepage | 1 Bluepage Cms | 2018-10-11 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||