Total
4275 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1356 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash. | ||||
| CVE-2009-0126 | 1 Berkeley | 1 Boinc Client | 2025-04-09 | N/A |
| The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2008-1334 | 1 Bt | 1 Home Hub | 2025-04-09 | N/A |
| cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383. | ||||
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2025-04-09 | N/A |
| fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | ||||
| CVE-2008-1238 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. | ||||
| CVE-2008-1154 | 1 Cisco | 4 Emergency Responder, Mobility Manager, Unified Communications Manager and 1 more | 2025-04-09 | N/A |
| The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2008-0410 | 1 Hfs | 1 Http File Server | 2025-04-09 | N/A |
| HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. | ||||
| CVE-2007-5374 | 1 Lightblog | 1 Lightblog | 2025-04-09 | N/A |
| cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | ||||
| CVE-2009-0440 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | N/A |
| IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." | ||||
| CVE-2008-3703 | 1 Symantec | 1 Veritas Storage Foundation | 2025-04-09 | N/A |
| The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. | ||||
| CVE-2008-0823 | 1 Drupal | 1 Header Image | 2025-04-09 | N/A |
| Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | ||||
| CVE-2008-5964 | 1 Impresscms | 1 Impresscms | 2025-04-09 | N/A |
| Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-4752 | 1 Tech Logic | 1 Tlnews | 2025-04-09 | N/A |
| TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. | ||||
| CVE-2009-0124 | 1 Arrl | 1 Tqsllib | 2025-04-09 | N/A |
| The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2009-1619 | 1 Teraway | 1 Filestream | 2025-04-09 | N/A |
| Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. | ||||
| CVE-2008-0640 | 1 Symantec | 1 Ghost Solutions Suite | 2025-04-09 | N/A |
| Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | ||||
| CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2025-04-09 | N/A |
| The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. | ||||
| CVE-2008-4783 | 1 Easy-script | 1 Tlads | 2025-04-09 | N/A |
| tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin." | ||||
| CVE-2007-6385 | 1 Kerio | 1 Winroute Firewall | 2025-04-09 | N/A |
| The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | ||||
| CVE-2009-0125 | 1 Finkproject | 1 Libnasl | 2025-04-09 | N/A |
| NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification. | ||||