Total: 3293 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0642 | 1 Ruby-lang | 1 Ruby | 2017-09-29 | 6.8 MEDIUM | N/A |
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. | |||||
CVE-2008-6718 | 1 Uochm | 1 Justbookit | 2017-09-29 | 7.5 HIGH | N/A |
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php. | |||||
CVE-2008-6738 | 1 Mark Girling | 1 Myshoutpro | 2017-09-29 | 7.5 HIGH | N/A |
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1. | |||||
CVE-2008-6864 | 1 Xigla | 1 Absolute Live Support .net | 2017-09-29 | 7.5 HIGH | N/A |
Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
CVE-2008-6951 | 1 Cms.maury91 | 1 Maurycms | 2017-09-29 | 7.5 HIGH | N/A |
MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request. | |||||
CVE-2008-6854 | 1 Xigla | 1 Absolute Faq Manager .net | 2017-09-29 | 7.5 HIGH | N/A |
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
CVE-2008-6269 | 1 Joovili | 1 Joovili | 2017-09-29 | 7.5 HIGH | N/A |
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users. | |||||
CVE-2008-6523 | 1 Cale Dunlap | 1 Openinvoice | 2017-09-29 | 7.5 HIGH | N/A |
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users. | |||||
CVE-2008-6667 | 1 Marc Melvin | 1 A\+ Php Scripts News Management System | 2017-09-29 | 7.5 HIGH | N/A |
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. | |||||
CVE-2008-6739 | 1 Toddwoolums | 1 Asp Download | 2017-09-29 | 7.5 HIGH | N/A |
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. | |||||
CVE-2008-6717 | 1 Uochm | 1 Signup | 2017-09-29 | 7.5 HIGH | N/A |
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php. | |||||
CVE-2008-4427 | 1 Phlatline | 1 Personal Information Manager | 2017-09-29 | 7.5 HIGH | N/A |
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. | |||||
CVE-2008-4784 | 1 Aflog | 1 Aflog | 2017-09-29 | 7.5 HIGH | N/A |
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | |||||
CVE-2008-4752 | 1 Tech Logic | 1 Tlnews | 2017-09-29 | 7.5 HIGH | N/A |
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. | |||||
CVE-2008-5576 | 1 Scssboard | 1 Scssboard | 2017-09-29 | 7.5 HIGH | N/A |
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter. | |||||
CVE-2008-4708 | 1 Sylvain Pasquet | 1 Bbzl.php | 2017-09-29 | 7.5 HIGH | N/A |
BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1. | |||||
CVE-2008-5125 | 1 Castillocentral | 1 Ccleague | 2017-09-29 | 6.8 MEDIUM | N/A |
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | |||||
CVE-2008-4146 | 1 Addalink | 1 Addalink | 2017-09-29 | 5.0 MEDIUM | N/A |
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. | |||||
CVE-2008-4714 | 1 Atomic Photo Album | 1 Atomic Photo Album | 2017-09-29 | 7.5 HIGH | N/A |
Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies. | |||||
CVE-2008-6143 | 1 Owentechkenya | 1 Owenpoll | 2017-09-29 | 7.5 HIGH | N/A |
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. |