• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-264

CVE-2008-6756

February 26, 2023 by

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.

CVE-2008-6701

February 26, 2023 by

NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.

CVE-2008-6673

February 26, 2023 by

asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action.

CVE-2008-6674

February 26, 2023 by

mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.

CVE-2008-6643

February 26, 2023 by

LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.

CVE-2008-6650

February 26, 2023 by

del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 11
  • Go to page 12
  • Go to page 13
  • Go to page 14
  • Go to page 15
  • Interim pages omitted …
  • Go to page 136
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE