Total: 5466 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2488 | 1 Beaussier | 1 Roomphplanning | 2017-09-29 | 6.5 MEDIUM | N/A |
| admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts. | |||||
| CVE-2008-2349 | 1 Zomp | 1 Zomplog | 2017-09-29 | 7.5 HIGH | N/A |
| Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1. | |||||
| CVE-2008-2348 | 1 Meltingicefs | 1 Meltingice File System | 2017-09-29 | 7.5 HIGH | N/A |
| MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php. | |||||
| CVE-2008-2346 | 1 Alkalinephp | 1 Alkalinephp | 2017-09-29 | 7.5 HIGH | N/A |
| AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php. | |||||
| CVE-2008-2343 | 1 News Manager | 1 News Manager | 2017-09-29 | 7.5 HIGH | N/A |
| News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | |||||
| CVE-2008-2338 | 1 Interspire | 1 Activekb | 2017-09-29 | 7.5 HIGH | N/A |
| Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. | |||||
| CVE-2008-2297 | 1 Roticv | 1 Rantx | 2017-09-29 | 7.5 HIGH | N/A |
| The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison. | |||||
| CVE-2008-2294 | 1 Mreaves | 1 Pet Grooming Management System | 2017-09-29 | 7.5 HIGH | N/A |
| Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin." | |||||
| CVE-2008-2293 | 1 Tpvgames | 1 Mpcs | 2017-09-29 | 7.5 HIGH | N/A |
| admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1. | |||||
| CVE-2008-2216 | 1 Pbcs | 1 Project-based Calendaring System | 2017-09-29 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads. | |||||
| CVE-2008-1946 | 1 Gnu | 1 Coreutils | 2017-09-29 | 4.4 MEDIUM | N/A |
| The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | |||||
| CVE-2008-1790 | 1 Iscripts | 1 Socialware | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. | |||||
| CVE-2008-1784 | 1 Prozilla | 1 Topsites | 2017-09-29 | 7.5 HIGH | N/A |
| Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. | |||||
| CVE-2008-1783 | 1 Prozilla | 1 Reviews | 2017-09-29 | 6.4 MEDIUM | N/A |
| Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. | |||||
| CVE-2008-1710 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable. | |||||
| CVE-2008-1668 | 1 Hp | 1 Hp-ux | 2017-09-29 | 10.0 HIGH | N/A |
| ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information. | |||||
| CVE-2008-1600 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329. | |||||
| CVE-2008-1599 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat. | |||||
| CVE-2008-1595 | 1 Ibm | 1 Aix | 2017-09-29 | 4.9 MEDIUM | N/A |
| The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information. | |||||
| CVE-2008-1593 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function. | |||||
