Total
4131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6965 | 1 Aj Square | 1 Aj Auction | 2026-06-16 | 7.5 HIGH | N/A |
| AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors. | |||||
| CVE-2008-6951 | 1 Cms.maury91 | 1 Maurycms | 2026-06-16 | 7.5 HIGH | N/A |
| MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request. | |||||
| CVE-2008-6947 | 1 Collabtive | 1 Collabtive | 2026-06-16 | 7.5 HIGH | N/A |
| Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php. | |||||
| CVE-2008-6939 | 1 Turnkeyforms | 1 Web Hosting Directory | 2026-06-16 | 7.5 HIGH | N/A |
| TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | |||||
| CVE-2008-6919 | 1 Taskdriver | 1 Taskdriver | 2026-06-16 | 7.5 HIGH | N/A |
| profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." | |||||
| CVE-2008-6916 | 2 John Doe, Siemens | 2 Netport Software, Speedstream 5200 | 2026-06-16 | 10.0 HIGH | N/A |
| Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. | |||||
| CVE-2008-6912 | 1 Zeeways | 1 Shaadiclone | 2026-06-16 | 7.5 HIGH | N/A |
| Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php. | |||||
| CVE-2008-6864 | 1 Xigla | 1 Absolute Live Support .net | 2026-06-16 | 7.5 HIGH | N/A |
| Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2026-06-16 | 7.5 HIGH | N/A |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6862 | 1 Xigla | 1 Absolute Content Rotator | 2026-06-16 | 7.5 HIGH | N/A |
| Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2026-06-16 | 7.5 HIGH | N/A |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6860 | 1 Xigla | 1 Absolute Poll Manager Xe | 2026-06-16 | 7.5 HIGH | N/A |
| Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6859 | 1 Xigla | 1 Absolute Control Panel Xe | 2026-06-16 | 7.5 HIGH | N/A |
| Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6858 | 1 Xigla | 1 Absolute Banner Manager.net | 2026-06-16 | 7.5 HIGH | N/A |
| Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2026-06-16 | 7.5 HIGH | N/A |
| Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6856 | 1 Xigla | 1 Absolute News Manager.net | 2026-06-16 | 7.5 HIGH | N/A |
| Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6855 | 1 Xigla | 1 Absolute News Feed | 2026-06-16 | 7.5 HIGH | N/A |
| Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. | |||||
| CVE-2008-6854 | 1 Xigla | 1 Absolute Faq Manager .net | 2026-06-16 | 7.5 HIGH | N/A |
| Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6816 | 1 Eaton | 1 Network Shutdown Module | 2026-06-16 | 10.0 HIGH | N/A |
| Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | |||||
| CVE-2008-6815 | 1 Myktools | 1 Myktools | 2026-06-16 | 5.0 MEDIUM | N/A |
| mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup. | |||||