Total: 3682 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6269 | 1 Joovili | 1 Joovili | 2024-11-21 | N/A |
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users. | ||||
CVE-2008-6162 | 1 Bux | 1 Bux.to Clone Script | 2024-11-21 | N/A |
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin. | ||||
CVE-2008-6143 | 1 Owentechkenya | 1 Owenpoll | 2024-11-21 | N/A |
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. | ||||
CVE-2008-6131 | 1 Mozilo | 1 Mozilowiki | 2024-11-21 | N/A |
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
CVE-2008-6128 | 1 Mozilo | 1 Mozilocms | 2024-11-21 | N/A |
Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
CVE-2008-6118 | 1 Goople Cms | 1 Goople Cms | 2024-11-21 | N/A |
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. | ||||
CVE-2008-6092 | 1 Phpscripts | 1 Ranking-script | 2024-11-21 | N/A |
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. | ||||
CVE-2008-6045 | 1 Xt-commerce | 1 Xt-commerce | 2024-11-21 | N/A |
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. | ||||
CVE-2008-6039 | 1 Bluepage | 1 Bluepage Cms | 2024-11-21 | N/A |
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
CVE-2008-6009 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2024-11-21 | N/A |
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. | ||||
CVE-2008-5967 | 1 Phpicalendar | 1 Phpicalendar | 2024-11-21 | N/A |
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | ||||
CVE-2008-5964 | 1 Impresscms | 1 Impresscms | 2024-11-21 | N/A |
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
CVE-2008-5945 | 1 Nukevietcms | 1 Nukeviet | 2024-11-21 | N/A |
Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-5880 | 1 Gobbl | 1 Gobbl Cms | 2024-11-21 | N/A |
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | ||||
CVE-2008-5809 | 1 Futomi | 1 Access Analyzer Cgi | 2024-11-21 | N/A |
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. | ||||
CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2024-11-21 | N/A |
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | ||||
CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2024-11-21 | N/A |
SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | ||||
CVE-2008-5708 | 1 Slimcms | 1 Slimcms | 2024-11-21 | N/A |
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1. | ||||
CVE-2008-5692 | 1 Ipswitch | 1 Ws Ftp | 2024-11-21 | N/A |
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | ||||
CVE-2008-5686 | 1 Ibm | 1 Tivoli Provisioning Manager | 2024-11-21 | N/A |
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. |