• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-264

CVE-2008-6869

February 26, 2023 by

Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.

CVE-2008-6870

February 26, 2023 by

Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.

CVE-2008-6871

February 26, 2023 by

Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.

CVE-2008-6886

February 26, 2023 by

RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.

CVE-2008-6844

February 26, 2023 by

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

CVE-2008-6799

February 26, 2023 by

connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to “7.”

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 9
  • Go to page 10
  • Go to page 11
  • Go to page 12
  • Go to page 13
  • Interim pages omitted …
  • Go to page 136
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE