Total
4131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0025 | 1 Isc | 1 Bind | 2026-06-16 | 6.8 MEDIUM | N/A |
| BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0021 | 1 Ntp | 1 Ntp | 2026-06-16 | 5.0 MEDIUM | N/A |
| NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-7263 | 1 G.rodola | 1 Pyftpdlib | 2026-06-16 | 7.5 HIGH | N/A |
| ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2008-7179 | 1 Otmanager | 1 Otmanager Cms | 2026-06-16 | 7.5 HIGH | N/A |
| OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php. | |||||
| CVE-2008-7156 | 1 Ekinboard | 1 Ekinboard | 2026-06-16 | 6.8 MEDIUM | N/A |
| EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. | |||||
| CVE-2008-7124 | 1 Zkup | 1 Zkup | 2026-06-16 | 7.5 HIGH | N/A |
| zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator. | |||||
| CVE-2008-7086 | 1 Maianscriptworld | 1 Maian Greetings | 2026-06-16 | 7.5 HIGH | N/A |
| Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | |||||
| CVE-2008-7081 | 1 Raidsonic | 1 Icy Box Nas | 2026-06-16 | 10.0 HIGH | N/A |
| userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7051 | 1 Ajsquare | 1 Aj Article | 2026-06-16 | 7.5 HIGH | N/A |
| AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/. | |||||
| CVE-2008-7047 | 1 Natterchat | 1 Natterchat | 2026-06-16 | 7.5 HIGH | N/A |
| NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp. | |||||
| CVE-2008-7046 | 1 Ajsquare | 1 Free Polling Script | 2026-06-16 | 6.4 MEDIUM | N/A |
| AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7045 | 1 Ajsquare | 1 Free Polling Script | 2026-06-16 | 6.4 MEDIUM | N/A |
| AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. | |||||
| CVE-2008-7041 | 1 Ajsquare | 1 Aj Classifieds | 2026-06-16 | 7.5 HIGH | N/A |
| AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php. | |||||
| CVE-2008-7028 | 1 Aves | 1 Rpg Board | 2026-06-16 | 7.5 HIGH | N/A |
| RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value. | |||||
| CVE-2008-7027 | 1 Libra File Manager | 1 Php Filemanager | 2026-06-16 | 7.5 HIGH | N/A |
| Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. | |||||
| CVE-2008-7019 | 1 Esqlanelapse | 1 Esqlanelapse | 2026-06-16 | 7.5 HIGH | N/A |
| Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies. | |||||
| CVE-2008-7008 | 1 Hyperstop | 1 Web Host Directory | 2026-06-16 | 5.0 MEDIUM | N/A |
| HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db. | |||||
| CVE-2008-7007 | 1 Phpversion | 1 Php Vx Guestbook | 2026-06-16 | 7.5 HIGH | N/A |
| Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1. | |||||
| CVE-2008-7006 | 1 Phpversion | 1 Php Vx Guestbook | 2026-06-16 | 5.0 MEDIUM | N/A |
| Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php. | |||||
| CVE-2008-6984 | 1 Parallels | 1 Plesk | 2026-06-16 | 5.8 MEDIUM | N/A |
| Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3. | |||||