Export limit exceeded: 364929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12745 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3428 1 Phpfreechat 1 Phpfreechat 2026-04-23 N/A
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
CVE-2008-1883 1 Blackboard 1 Blackboard Academic Suite 2026-04-23 N/A
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
CVE-2008-2298 1 Sourceforge 1 Web Slider 2026-04-23 N/A
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
CVE-2008-3425 1 Sun 2 Java System Web Server Plugin, N1 Service Provisioning System 2026-04-23 N/A
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.
CVE-2008-2833 1 Worldlevel 1 Le.cms 2026-04-23 N/A
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
CVE-2009-0412 1 Interspire 1 Shopping Cart 2026-04-23 N/A
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
CVE-2008-5219 1 Videoscript 1 Videoscript 2026-04-23 N/A
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
CVE-2008-3411 1 Axesstel 1 Akw-d800 2026-04-23 N/A
The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.
CVE-2008-1897 1 Asterisk 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more 2026-04-23 N/A
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
CVE-2008-3322 1 Maian 1 Recipe 2026-04-23 N/A
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
CVE-2008-3321 1 Maian Script World 1 Maian Uploader 2026-04-23 N/A
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
CVE-2008-7124 1 Zkup 1 Zkup 2026-04-23 N/A
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
CVE-2008-5880 1 Gobbl 1 Gobbl Cms 2026-04-23 N/A
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
CVE-2008-3264 1 Asterisk 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more 2026-04-23 N/A
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
CVE-2008-7156 1 Ekinboard 1 Ekinboard 2026-04-23 N/A
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
CVE-2008-5355 1 Sun 3 Jdk, Jre, Sdk 2026-04-23 N/A
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
CVE-2008-1949 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2026-04-23 N/A
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
CVE-2008-2730 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
CVE-2008-1469 1 Gallarific 1 Gallarific 2026-04-23 N/A
Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2117 1 Phportal 1 Phportal 2026-04-23 N/A
uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.