Export limit exceeded: 12492 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12492 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5791 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2026-04-23 | N/A |
| The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | ||||
| CVE-2008-3317 | 1 Maian Script World | 1 Maian Search | 2026-04-23 | N/A |
| admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. | ||||
| CVE-2008-5158 | 1 Clientsoftware | 1 Wincome Mpd Total | 2026-04-23 | N/A |
| Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage." | ||||
| CVE-2007-4419 | 1 Olate | 1 Olatedownload | 2026-04-23 | N/A |
| Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. | ||||
| CVE-2007-3988 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2026-04-23 | N/A |
| Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-1268 | 1 Linksys | 1 Wrt54g | 2026-04-23 | N/A |
| The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. | ||||
| CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2026-04-23 | N/A |
| The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | ||||
| CVE-2008-5125 | 1 Castillocentral | 1 Ccleague | 2026-04-23 | N/A |
| admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | ||||
| CVE-2007-2243 | 1 Openbsd | 1 Openssh | 2026-04-23 | N/A |
| OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. | ||||
| CVE-2008-4081 | 1 Stash | 1 Stash | 2026-04-23 | N/A |
| admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. | ||||
| CVE-2008-4427 | 1 Phlatline | 1 Personal Information Manager | 2026-04-23 | N/A |
| changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. | ||||
| CVE-2008-7156 | 1 Ekinboard | 1 Ekinboard | 2026-04-23 | N/A |
| EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. | ||||
| CVE-2007-5862 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | ||||
| CVE-2008-4146 | 1 Addalink | 1 Addalink | 2026-04-23 | N/A |
| Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. | ||||
| CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2026-04-23 | N/A |
| Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | ||||
| CVE-2008-3264 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2026-04-23 | N/A |
| The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. | ||||
| CVE-2008-6667 | 1 Marc Melvin | 1 A\+ Php Scripts News Management System | 2026-04-23 | N/A |
| A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. | ||||
| CVE-2008-6581 | 1 Phpaddedit | 1 Phpaddedit | 2026-04-23 | N/A |
| login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | ||||
| CVE-2008-3503 | 1 Webgui | 1 Plain Black Webgui | 2026-04-23 | N/A |
| RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | ||||
| CVE-2007-4043 | 1 Securecomputing | 1 Securityreporter | 2026-04-23 | 9.8 Critical |
| file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. | ||||