Total
3778 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5714 | 1 Gentoo | 1 Mldonkey Ebuild | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | |||||
| CVE-2008-1134 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | 6.4 MEDIUM | N/A |
| OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. | |||||
| CVE-2009-3261 | 1 Livestreet | 1 Livestreet | 2025-04-09 | 7.5 HIGH | N/A |
| update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors. | |||||
| CVE-2007-5862 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.4 HIGH | N/A |
| Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | |||||
| CVE-2008-0823 | 1 Drupal | 1 Header Image | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | |||||
| CVE-2009-1836 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||
| CVE-2008-6723 | 1 Turnkeyforms | 1 Entertainment Portal | 2025-04-09 | 7.5 HIGH | N/A |
| TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator. | |||||
| CVE-2007-1953 | 1 Onelook | 1 Courts Online | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2008-5558 | 1 Asterisk | 2 Asterisk Business Edition, Open Source | 2025-04-09 | 4.3 MEDIUM | N/A |
| Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching. | |||||
| CVE-2008-3466 | 1 Microsoft | 3 Host Integration Server 2000, Host Integration Server 2004, Host Integration Server 2006 | 2025-04-09 | 10.0 HIGH | N/A |
| Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." | |||||
| CVE-2007-1951 | 1 Onelook | 1 Oboshop | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2008-3317 | 1 Maian Script World | 1 Maian Search | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. | |||||
| CVE-2008-6912 | 1 Zeeways | 1 Shaadiclone | 2025-04-09 | 7.5 HIGH | N/A |
| Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php. | |||||
| CVE-2009-0046 | 1 Sun | 1 Grid Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-1826 | 1 Collector | 1 Mygesuad | 2025-04-09 | 6.5 MEDIUM | N/A |
| modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | |||||
| CVE-2007-5770 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.0 MEDIUM | N/A |
| The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. | |||||
| CVE-2008-6553 | 1 Impliedbydesign | 1 Micro-cms | 2025-04-09 | 7.5 HIGH | N/A |
| microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action. | |||||
| CVE-2009-0591 | 1 Openssl | 1 Openssl | 2025-04-09 | 2.6 LOW | N/A |
| The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | |||||
| CVE-2008-7156 | 1 Ekinboard | 1 Ekinboard | 2025-04-09 | 6.8 MEDIUM | N/A |
| EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. | |||||
| CVE-2009-0128 | 1 Llnl | 1 Slurm | 2025-04-09 | 5.0 MEDIUM | N/A |
| plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||