Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
Max CVSS: 6.5 | EPSS Score: 0.30% | Published: 2008-07-31 | Updated: 2017-08-08
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.
Max CVSS: 6.5 | EPSS Score: 0.47% | Published: 2008-07-31 | Updated: 2017-08-08
The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.
Max CVSS: 10.0 | EPSS Score: 1.06% | Published: 2008-07-31 | Updated: 2018-10-11
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
Max CVSS: 5.0 | EPSS Score: 0.30% | Published: 2008-07-31 | Updated: 2017-09-29
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
Max CVSS: 7.5 | EPSS Score: 8.08% | Published: 2008-07-30 | Updated: 2018-10-11
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
Max CVSS: 7.5 | EPSS Score: 3.66% | Published: 2008-07-25 | Updated: 2017-10-19
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
Max CVSS: 7.5 | EPSS Score: 6.70% | Published: 2008-07-25 | Updated: 2017-10-19
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
Max CVSS: 7.5 | EPSS Score: 1.86% | Published: 2008-07-25 | Updated: 2017-10-19
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
Max CVSS: 7.5 | EPSS Score: 6.70% | Published: 2008-07-25 | Updated: 2017-10-19
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
Max CVSS: 7.5 | EPSS Score: 7.25% | Published: 2008-07-25 | Updated: 2017-10-19
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
Max CVSS: 7.5 | EPSS Score: 8.62% | Published: 2008-07-25 | Updated: 2017-09-29
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 1.07% | Published: 2008-07-25 | Updated: 2017-08-08
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
Max CVSS: 6.4 | EPSS Score: 1.39% | Published: 2008-07-24 | Updated: 2017-09-29
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
Max CVSS: 7.8 | EPSS Score: 7.95% | Published: 2008-07-24 | Updated: 2018-10-11
Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1.
Max CVSS: 7.5 | EPSS Score: 1.56% | Published: 2008-07-18 | Updated: 2017-09-29
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
Max CVSS: 7.5 | EPSS Score: 4.05% | Published: 2008-07-17 | Updated: 2017-10-19
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
Max CVSS: 9.3 | EPSS Score: 1.93% | Published: 2008-07-07 | Updated: 2018-10-11
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Max CVSS: 7.5 | EPSS Score: 20.23% | Published: 2008-07-07 | Updated: 2018-10-11
18 vulnerabilities found