Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
Max CVSS
10.0
EPSS Score
9.69%
Published
2008-11-17
Updated
2017-07-20
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Max CVSS
7.2
EPSS Score
0.26%
Published
2008-01-09
Updated
2023-01-18
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
Max CVSS
6.8
EPSS Score
2.14%
Published
2008-04-17
Updated
2017-08-08
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.
Max CVSS
6.8
EPSS Score
1.15%
Published
2008-01-09
Updated
2018-10-15
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.
Max CVSS
6.4
EPSS Score
0.26%
Published
2008-01-10
Updated
2017-09-29
The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.
Max CVSS
10.0
EPSS Score
1.15%
Published
2008-01-10
Updated
2018-10-15
Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap.
Max CVSS
7.8
EPSS Score
2.43%
Published
2008-01-17
Updated
2017-08-08
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
Max CVSS
5.0
EPSS Score
0.24%
Published
2008-01-18
Updated
2017-09-29
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
Max CVSS
10.0
EPSS Score
0.79%
Published
2008-01-22
Updated
2018-10-15
inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.
Max CVSS
7.5
EPSS Score
0.54%
Published
2008-01-23
Updated
2017-09-29
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
Max CVSS
5.5
EPSS Score
0.98%
Published
2008-01-23
Updated
2018-10-15
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
Max CVSS
5.0
EPSS Score
0.49%
Published
2008-01-29
Updated
2018-10-15
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
Max CVSS
6.4
EPSS Score
0.77%
Published
2008-01-29
Updated
2018-10-15
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
Max CVSS
5.0
EPSS Score
0.73%
Published
2008-01-29
Updated
2018-10-15
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
Max CVSS
5.0
EPSS Score
0.55%
Published
2008-01-29
Updated
2018-10-15
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.4
EPSS Score
0.36%
Published
2008-01-29
Updated
2017-08-08
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
Max CVSS
7.8
EPSS Score
2.67%
Published
2008-05-22
Updated
2017-08-08
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
Max CVSS
7.5
EPSS Score
1.12%
Published
2008-04-04
Updated
2018-10-15
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
Max CVSS
10.0
EPSS Score
0.78%
Published
2008-02-08
Updated
2011-07-25
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.
Max CVSS
7.2
EPSS Score
0.20%
Published
2008-03-31
Updated
2017-08-08
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
Max CVSS
10.0
EPSS Score
1.15%
Published
2008-02-19
Updated
2017-08-08
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
Max CVSS
6.4
EPSS Score
0.30%
Published
2008-02-22
Updated
2011-03-08

CVE-2008-0926

Public exploit
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
Max CVSS
7.5
EPSS Score
34.62%
Published
2008-03-28
Updated
2018-10-15
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
Max CVSS
10.0
EPSS Score
96.82%
Published
2008-06-10
Updated
2018-10-30
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.
Max CVSS
7.1
EPSS Score
0.24%
Published
2008-06-09
Updated
2018-10-11
142 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!