Total
3455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2719 | 1 Hp | 1 Systems Insight Manager | 2018-10-16 | 10.0 HIGH | N/A |
| Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie. | |||||
| CVE-2007-2555 | 1 Podium Cms | 1 Podium Cms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). | |||||
| CVE-2007-2546 | 1 Simple Machines | 1 Simple Machines Forum | 2018-10-16 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2007-2277 | 1 Plogger | 1 Plogger | 2018-10-16 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2007-1953 | 1 Onelook | 1 Courts Online | 2018-10-16 | 7.5 HIGH | N/A |
| Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2007-1951 | 1 Onelook | 1 Oboshop | 2018-10-16 | 7.5 HIGH | N/A |
| Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2018-10-16 | 7.5 HIGH | N/A |
| Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2007-1160 | 1 Webspell | 1 Webspell | 2018-10-16 | 10.0 HIGH | N/A |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | |||||
| CVE-2007-0435 | 1 T-com | 2 Speedport 500v, Speedport 500v Firmware | 2018-10-16 | 7.5 HIGH | N/A |
| T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value. | |||||
| CVE-2008-0926 | 1 Novell | 1 Edirectory | 2018-10-15 | 7.5 HIGH | N/A |
| The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. | |||||
| CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2018-10-15 | 7.5 HIGH | N/A |
| The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. | |||||
| CVE-2008-0466 | 1 Webwiz | 3 Web Wiz Forums, Web Wiz Newspad, Web Wiz Rich Text Editor | 2018-10-15 | 5.0 MEDIUM | N/A |
| Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability. | |||||
| CVE-2008-0410 | 1 Hfs | 1 Http File Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. | |||||
| CVE-2008-0408 | 1 Hfs | 1 Http File Server | 2018-10-15 | 6.4 MEDIUM | N/A |
| HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. | |||||
| CVE-2008-0407 | 1 Hfs | 1 Http File Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. | |||||
| CVE-2008-0403 | 1 Belkin | 1 F5d9230-4 | 2018-10-15 | 5.5 MEDIUM | N/A |
| The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi. | |||||
| CVE-2008-0377 | 1 News | 1 Micronews | 2018-10-15 | 10.0 HIGH | N/A |
| MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. | |||||
| CVE-2008-0229 | 1 Level One | 1 Wbr-3460a | 2018-10-15 | 10.0 HIGH | N/A |
| The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access. | |||||
| CVE-2008-0150 | 1 Aruba Networks | 1 Aruba Mobility Controllers | 2018-10-15 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access. | |||||