aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.
Max CVSS: 7.5 | EPSS Score: 2.04% | Published: 2008-10-29 | Updated: 2017-09-29
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin".
Max CVSS: 7.5 | EPSS Score: 2.04% | Published: 2008-10-29 | Updated: 2017-09-29
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
Max CVSS: 7.5 | EPSS Score: 4.71% | Published: 2008-10-27 | Updated: 2017-09-29
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.
Max CVSS: 9.0 | EPSS Score: 0.53% | Published: 2008-10-23 | Updated: 2017-08-08
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged".
Max CVSS: 7.5 | EPSS Score: 1.87% | Published: 2008-10-23 | Updated: 2017-09-29
Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.
Max CVSS: 7.5 | EPSS Score: 1.66% | Published: 2008-10-23 | Updated: 2017-09-29
BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1.
Max CVSS: 7.5 | EPSS Score: 1.80% | Published: 2008-10-23 | Updated: 2017-09-29
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Max CVSS: 7.5 | EPSS Score: 0.92% | Published: 2008-10-22 | Updated: 2017-08-08
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.
Max CVSS: 6.8 | EPSS Score: 1.13% | Published: 2008-10-22 | Updated: 2017-08-08
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS: 7.5 | EPSS Score: 1.76% | Published: 2008-10-22 | Updated: 2017-08-08
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
Max CVSS: 7.5 | EPSS Score: 10.65% | Published: 2008-10-21 | Updated: 2017-09-29
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.
Max CVSS: 7.5 | EPSS Score: 1.56% | Published: 2008-10-20 | Updated: 2017-09-29
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
Max CVSS: 7.8 | EPSS Score: 8.89% | Published: 2008-10-15 | Updated: 2017-09-29
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.
Max CVSS: 7.5 | EPSS Score: 0.79% | Published: 2008-10-09 | Updated: 2017-08-08
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
Max CVSS: 7.5 | EPSS Score: 1.06% | Published: 2008-10-03 | Updated: 2017-09-29
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
Max CVSS: 7.2 | EPSS Score: 0.05% | Published: 2008-10-15 | Updated: 2023-12-07
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
Max CVSS: 4.3 | EPSS Score: 0.55% | Published: 2008-10-23 | Updated: 2017-09-29
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
Max CVSS: 5.8 | EPSS Score: 0.58% | Published: 2008-10-08 | Updated: 2017-08-08

CVE-2008-3466

Public exploit
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
Max CVSS: 10.0 | EPSS Score: 97.14% | Published: 2008-10-15 | Updated: 2018-10-12
19 vulnerabilities found