Total
3455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3411 | 1 Axesstel | 1 Akw-d800 | 2018-10-11 | 10.0 HIGH | N/A |
| The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests. | |||||
| CVE-2008-3375 | 1 Jamroom | 1 Jamroom | 2018-10-11 | 7.5 HIGH | N/A |
| The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | |||||
| CVE-2008-3264 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2018-10-11 | 7.8 HIGH | N/A |
| The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. | |||||
| CVE-2008-3033 | 1 Rss Aggregator | 1 Rss Aggregator | 2018-10-11 | 9.3 HIGH | N/A |
| RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php. | |||||
| CVE-2008-2879 | 1 Benjacms | 1 Benja Cms | 2018-10-11 | 6.4 MEDIUM | N/A |
| Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu. | |||||
| CVE-2008-2801 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-11 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. | |||||
| CVE-2008-1930 | 1 Wordpress | 1 Wordpress | 2018-10-11 | 7.5 HIGH | N/A |
| The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. | |||||
| CVE-2008-1883 | 1 Blackboard | 1 Blackboard Academic Suite | 2018-10-11 | 6.8 MEDIUM | N/A |
| The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string. | |||||
| CVE-2008-1528 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2018-10-11 | 4.0 MEDIUM | N/A |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys. | |||||
| CVE-2008-1395 | 1 Plone | 1 Plone Cms | 2018-10-11 | 7.5 HIGH | N/A |
| Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session. | |||||
| CVE-2008-1334 | 1 Bt | 1 Home Hub | 2018-10-11 | 7.5 HIGH | N/A |
| cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383. | |||||
| CVE-2008-1321 | 1 Asg-sentry | 1 Asg-sentry | 2018-10-11 | 5.0 MEDIUM | N/A |
| The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands. | |||||
| CVE-2008-1269 | 1 Alice | 1 Gate2 Plus Wi-fi | 2018-10-11 | 7.1 HIGH | N/A |
| cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | |||||
| CVE-2008-1268 | 1 Linksys | 1 Wrt54g | 2018-10-11 | 10.0 HIGH | N/A |
| The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. | |||||
| CVE-2008-1264 | 1 Linksys | 1 Wrt54g | 2018-10-11 | 7.5 HIGH | N/A |
| The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. | |||||
| CVE-2008-1262 | 1 Airspan | 1 Wimax Prost | 2018-10-11 | 10.0 HIGH | N/A |
| The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/. | |||||
| CVE-2008-1259 | 1 Zyxel | 1 P-2602hw-d1a | 2018-10-11 | 9.3 HIGH | N/A |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes. | |||||
| CVE-2008-1244 | 1 Belkin | 1 F5d7230-4 | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. | |||||
| CVE-2008-1134 | 1 Omegasoft | 1 Interneserviceslosungen | 2018-10-11 | 6.4 MEDIUM | N/A |
| OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. | |||||
| CVE-2008-1106 | 2 Akamai Technologies, Red Swoosh | 2 Client, Client | 2018-10-11 | 7.1 HIGH | N/A |
| The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. | |||||