Vulnerability Details :

CVE-2008-0910

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Feb, 2008 | 22:00
Updated At-07 Aug, 2024 | 08:01

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

References
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40480
Resource: vdb-entry, x_refsource_XF
Hyperlink: http://www.securitytracker.com/id?1019405
Resource: vdb-entry, x_refsource_SECTRACK
Hyperlink: http://www.securitytracker.com/id?1019412
Resource: vdb-entry, x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/28919
Resource: third-party-advisory, x_refsource_SECUNIA
Hyperlink: http://www.f-secure.com/security/fsc-2008-1.shtml
Resource: x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1019413
Resource: vdb-entry, x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2008/0544/references
Resource: vdb-entry, x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40480
Resource: vdb-entry, x_refsource_XF, x_transferred
Hyperlink: http://www.securitytracker.com/id?1019405
Resource: vdb-entry, x_refsource_SECTRACK, x_transferred
Hyperlink: http://www.securitytracker.com/id?1019412
Resource: vdb-entry, x_refsource_SECTRACK, x_transferred
Hyperlink: http://secunia.com/advisories/28919
Resource: third-party-advisory, x_refsource_SECUNIA, x_transferred
Hyperlink: http://www.f-secure.com/security/fsc-2008-1.shtml
Resource: x_refsource_CONFIRM, x_transferred
Hyperlink: http://www.securitytracker.com/id?1019413
Resource: vdb-entry, x_refsource_SECTRACK, x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0544/references
Resource: vdb-entry, x_refsource_VUPEN, x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Feb, 2008 | 22:44
Updated At:08 Aug, 2017 | 01:29


Metrics
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Vendor: F-Secure Corporation (f-secure)
cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.03:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.04:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.01:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.10:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:4.65:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:5.44:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.00:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:* (versions up to 3.00, inclusive)
cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:* (versions up to 7.00, inclusive)
Weaknesses
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://secunia.com/advisories/28919
Source: cve@mitre.org
Resource: Vendor Advisory
Hyperlink: http://www.f-secure.com/security/fsc-2008-1.shtml
Source: cve@mitre.org
Resource: Patch
Hyperlink: http://www.securitytracker.com/id?1019405
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019412
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019413
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0544/references
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40480
Source: cve@mitre.org
Resource: N/A


Similar CVEs

215 records found

CVE-2008-3856
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-0.83% / 73.65%
7 Day CHG~0.00%
Published-28 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.

Action-Not Available
Vendor-n/a, IBM Corporation
Product-db2_universal_database, n/a
CWE ID-CWE-264
Not Available
CVE-2008-4506
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-0.46% / 63.27%
7 Day CHG~0.00%
Published-09 Oct, 2008 | 16:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.

Action-Not Available
Vendor-n/a, IBM Corporation
Product-lotus_quickr, n/a
CWE ID-CWE-264
Not Available
CVE-2008-3454
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-2.64% / 85.16%
7 Day CHG~0.00%
Published-04 Aug, 2008 | 19:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.

Action-Not Available
Vendor-jnshosts, n/a
Product-php_hosting_directory, n/a
CWE ID-CWE-264
Not Available
CVE-2018-5472
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8 | CRITICAL
EPSS-1.94% / 82.67%
7 Day CHG~0.00%
Published-26 Mar, 2018 | 14:00
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.

Action-Not Available
Vendor-Philips
Product-intellispace_portal, Philips IntelliSpace Portal
CWE ID-CWE-264
Not Available
CVE-2008-3423
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-0.66% / 70.12%
7 Day CHG~0.00%
Published-04 Aug, 2008 | 01:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.

Action-Not Available
Vendor-n/a, IBM Corporation
Product-websphere_portal, n/a
CWE ID-CWE-264
Not Available
CVE-2008-3046
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-0.40% / 59.95%
7 Day CHG~0.00%
Published-07 Jul, 2008 | 18:20
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors.

Action-Not Available
Vendor-n/a, TYPO3 Association
Product-packman_extension, n/a
CWE ID-CWE-264
Not Available
CVE-2007-6619
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-0.58% / 68.09%
7 Day CHG~0.00%
Published-03 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Action-Not Available
Vendor-n/a, Atlassian
Product-jira, n/a
CWE ID-CWE-264
Not Available
CVE-2007-6645
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-0.20% / 42.29%
7 Day CHG~0.00%
Published-04 Jan, 2008 | 01:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."

Action-Not Available
Vendor-n/a, Joomla!
Product-joomla, n/a
CWE ID-CWE-264
Not Available
CVE-2007-6668
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-3.93% / 87.85%
7 Day CHG~0.00%
Published-08 Jan, 2008 | 02:00
Updated-07 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.

Action-Not Available
Vendor-peergoal, n/a
Product-myspace_content_zone, n/a
CWE ID-CWE-264
Not Available
CVE-2007-5771
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-4.00% / 87.97%
7 Day CHG~0.00%
Published-01 Nov, 2007 | 16:04
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.

Action-Not Available
Vendor-flatnuke3, n/a
Product-flatnuke3, n/a
CWE ID-CWE-264
Not Available
CVE-2007-5230
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 | HIGH
EPSS-5.23% / 89.58%
7 Day CHG~0.00%
Published-05 Oct, 2007 | 23:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.

Action-Not Available
Vendor-zomplog, n/a
Product-zomplog, n/a
CWE ID-CWE-264
Not Available
CVE-2018-11462
Matching Score-4
Assigner-Siemens
CVSS Score-9.8 | CRITICAL
EPSS-10.54% / 92.96%
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8, sinumerik_840d_sl_v4.7, sinumerik_808d_v4.7_firmware, sinumerik_828d_v4.7_firmware, sinumerik_840d_sl_v4.7_firmware, sinumerik_840d_sl_v4.8, sinumerik_828d_v4.7, sinumerik_840d_sl_v4.8_firmware, sinumerik_808d_v4.8_firmware, sinumerik_808d_v4.7, SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-264
Not Available
CVE-2018-0398
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8 | CRITICAL
EPSS-0.96% / 75.56%
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018.

Action-Not Available
Vendor-n/a, Cisco Systems, Inc.
Product-finesse, Cisco Finesse unknown
CWE ID-CWE-264
Not Available
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2018-0130
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8 | CRITICAL
EPSS-0.99% / 75.95%
7 Day CHG~0.00%
Published-22 Feb, 2018 | 00:00
Updated-02 Dec, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative access to the web-based service portal of an affected system. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg30884.

Action-Not Available
Vendor-n/a, Cisco Systems, Inc.
Product-virtual_managed_services, Cisco Elastic Services Controller
CWE ID-CWE-264
Not Available
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2021-36879
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8 | CRITICAL
EPSS-0.40% / 59.56%
7 Day CHG~0.00%
Published-27 Sep, 2021 | 15:32
Updated-28 Mar, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.

Action-Not Available
Vendor-stylemixthemes, StylemixThemes
Product-ulisting, uListing (WordPress plugin)
CWE ID-CWE-264
Not Available