Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5219 | 1 Videoscript | 1 Videoscript | 2017-09-29 | 7.5 HIGH | N/A |
| The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters. | |||||
| CVE-2008-5708 | 1 Slimcms | 1 Slimcms | 2017-09-29 | 7.5 HIGH | N/A |
| redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1. | |||||
| CVE-2008-4576 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.8 HIGH | N/A |
| sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. | |||||
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2017-09-29 | 6.4 MEDIUM | N/A |
| fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | |||||
| CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 10.0 HIGH | N/A |
| The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | |||||
| CVE-2008-6118 | 1 Goople Cms | 1 Goople Cms | 2017-09-29 | 7.5 HIGH | N/A |
| win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. | |||||
| CVE-2008-4244 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1. | |||||
| CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2017-09-29 | 7.5 HIGH | N/A |
| The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | |||||
| CVE-2008-4783 | 1 Easy-script | 1 Tlads | 2017-09-29 | 7.5 HIGH | N/A |
| tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin." | |||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2017-09-29 | 7.5 HIGH | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | |||||
| CVE-2008-5040 | 1 Graphiks | 1 Myforum | 2017-09-29 | 7.5 HIGH | N/A |
| Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1. | |||||
| CVE-2008-5880 | 1 Gobbl | 1 Gobbl Cms | 2017-09-29 | 7.5 HIGH | N/A |
| admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | |||||
| CVE-2008-6162 | 1 Bux | 1 Bux.to Clone Script | 2017-09-29 | 7.5 HIGH | N/A |
| Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin. | |||||
| CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2017-09-29 | 7.5 HIGH | N/A |
| admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
| CVE-2008-4614 | 1 Portalapp | 1 Portalapp | 2017-09-29 | 7.5 HIGH | N/A |
| PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies. | |||||
| CVE-2008-5065 | 1 Easy-script | 1 Tlguesbook | 2017-09-29 | 7.5 HIGH | N/A |
| TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin. | |||||
| CVE-2008-6009 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. | |||||
| CVE-2008-4622 | 1 Phpfastnews | 1 Phpfastnews | 2017-09-29 | 7.5 HIGH | N/A |
| The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. | |||||
| CVE-2008-5042 | 1 Zeeways | 1 Photovideotube | 2017-09-29 | 7.5 HIGH | N/A |
| Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php. | |||||
| CVE-2008-5497 | 1 Bandsitecms | 1 Bandsite Cms | 2017-09-29 | 7.5 HIGH | N/A |
| BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. | |||||