Total
3419 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-4515 | 1 Blue Coat Systems | 1 K9 Web Protection | 2017-08-08 | N/A |
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. | ||||
CVE-2008-4389 | 1 Symantec | 2 Appstream, Workspace Streaming | 2017-08-08 | N/A |
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors. | ||||
CVE-2008-3866 | 1 Trend Micro | 3 Internet Security 2007, Internet Security 2008, Officescan | 2017-08-08 | N/A |
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. | ||||
CVE-2008-3814 | 1 Cisco | 1 Unity | 2017-08-08 | N/A |
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. | ||||
CVE-2008-3729 | 1 Microworld Technologies | 1 Mailscan | 2017-08-08 | N/A |
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. | ||||
CVE-2008-3611 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | N/A |
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. | ||||
CVE-2008-3610 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | N/A |
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | ||||
CVE-2008-3579 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2017-08-08 | N/A |
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-3504 | 1 Mpfm | 1 Mask Php File Manager | 2017-08-08 | N/A |
Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies." | ||||
CVE-2008-3503 | 1 Webgui | 1 Plain Black Webgui | 2017-08-08 | N/A |
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | ||||
CVE-2008-3428 | 1 Phpfreechat | 1 Phpfreechat | 2017-08-08 | N/A |
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | ||||
CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2017-08-08 | N/A |
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | ||||
CVE-2008-3299 | 1 Esyndicat | 1 Esyndicat | 2017-08-08 | N/A |
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-2730 | 1 Cisco | 1 Unified Communications Manager | 2017-08-08 | N/A |
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | ||||
CVE-2008-2705 | 1 Sun | 1 Java System Access Manager | 2017-08-08 | N/A |
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. | ||||
CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2017-08-08 | N/A |
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | ||||
CVE-2008-2524 | 1 Blogphp | 1 Blogphp | 2017-08-08 | N/A |
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | ||||
CVE-2008-2516 | 1 Libpam-pgsql | 1 Libpam-pgsql | 2017-08-08 | N/A |
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration. | ||||
CVE-2008-2406 | 1 Sun | 1 Java Asp Server | 2017-08-08 | N/A |
The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. | ||||
CVE-2008-1938 | 1 Sony | 1 Mylo Com 2 | 2017-08-08 | N/A |
Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. |