Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-28 | CVE-2008-7109 | Incorrect Authorization vulnerability in Kyoceramita Scanner File Utility 3.3.0.1 The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password. | 9.8 |
| 2009-08-14 | CVE-2009-1048 | Authentication Bypass by Spoofing vulnerability in Snom products The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header. | 9.8 |
| 2009-07-10 | CVE-2009-2422 | Improper Authentication vulnerability in multiple products The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. | 9.8 |
| 2009-07-08 | CVE-2009-2382 | Improper Authentication vulnerability in Jay-Jayx0R PHPmyblockchecker 1.0.0055 admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. | 9.8 |
| 2009-07-08 | CVE-2009-2367 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Iomega Storcenter PRO Firmware cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter. | 9.8 |
| 2009-06-22 | CVE-2009-2168 | Improper Authentication vulnerability in Egyplus 7Ammel 1.0.1 cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters. | 9.8 |
| 2009-06-05 | CVE-2009-1936 | Path Traversal vulnerability in Cpcommerce Project Cpcommerce 1.2.0/1.2.9 _functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500. | 9.8 |
| 2009-03-26 | CVE-2009-1151 | Code Injection vulnerability in multiple products Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | 9.8 |
| 2008-12-31 | CVE-2008-5784 | Reliance on Cookies without Validation and Integrity Checking vulnerability in V3Chat V3 Chat Profiles Dating Script 3.0.2 V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | 9.8 |
| 2008-11-12 | CVE-2008-5038 | Use After Free vulnerability in Novell Edirectory Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. | 9.8 |