ByteOS Network

Vulnerability Details :

CVE-2008-6674

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-08 Apr, 2009 | 10:00

Updated At-07 Aug, 2024 | 11:41

mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:08 Apr, 2009 | 10:00

Updated At:07 Aug, 2024 | 11:41

▼CVE Numbering Authority (CNA)

mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.bugreport.ir/39/exploit.htm	x_refsource_MISC
http://www.bugreport.ir/index_39.htm	x_refsource_MISC
http://secunia.com/advisories/30501	third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/29524	vdb-entry x_refsource_BID

Hyperlink: http://www.bugreport.ir/39/exploit.htm

Resource:

x_refsource_MISC

Hyperlink: http://www.bugreport.ir/index_39.htm

Resource:

x_refsource_MISC

Hyperlink: http://secunia.com/advisories/30501

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securityfocus.com/bid/29524

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.bugreport.ir/39/exploit.htm	x_refsource_MISC x_transferred
http://www.bugreport.ir/index_39.htm	x_refsource_MISC x_transferred
http://secunia.com/advisories/30501	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securityfocus.com/bid/29524	vdb-entry x_refsource_BID x_transferred

Hyperlink: http://www.bugreport.ir/39/exploit.htm

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.bugreport.ir/index_39.htm

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://secunia.com/advisories/30501

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securityfocus.com/bid/29524

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:08 Apr, 2009 | 10:30

Updated At:23 Apr, 2009 | 05:57

mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

quickersite>>quickersite>>1.8.5

cpe:2.3:a:quickersite:quickersite:1.8.5:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/30501	cve@mitre.org	Vendor Advisory
http://www.bugreport.ir/39/exploit.htm	cve@mitre.org	N/A
http://www.bugreport.ir/index_39.htm	cve@mitre.org	N/A
http://www.securityfocus.com/bid/29524	cve@mitre.org	N/A

Hyperlink: http://secunia.com/advisories/30501

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.bugreport.ir/39/exploit.htm

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.bugreport.ir/index_39.htm

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/29524

Source: cve@mitre.org

Resource: N/A

Similar CVEs

4Records found

CVE-2008-6673

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-1.46% / 80.02%

7 Day CHG~0.00%

Published-08 Apr, 2009 | 10:00

Updated-07 Aug, 2024 | 11:41

asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action.

Vendor-quickersite n/a

Product-quickersite n/a

CWE ID-CWE-264

Not Available

CVE-2019-12634

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-8.6||HIGH

EPSS-1.22% / 78.20%

7 Day CHG~0.00%

Published-21 Aug, 2019 | 18:05

Updated-19 Nov, 2024 | 19:01

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.

Vendor-Cisco Systems, Inc.

Product-integrated_management_controller_supervisor ucs_director ucs_director_express_for_big_data Cisco Unified Computing System Director

CWE ID-CWE-264

Not Available

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2008-4109

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-1.56% / 80.75%

7 Day CHG~0.00%

Published-17 Sep, 2008 | 18:06

Updated-07 Aug, 2024 | 10:00

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

Vendor-n/a Debian GNU/Linux OpenBSD

Product-openssh linux n/a

CWE ID-CWE-264

Not Available

CVE-2007-5835

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-0.68% / 70.58%

7 Day CHG~0.00%

Published-05 Nov, 2007 | 19:00

Updated-07 Aug, 2024 | 15:47

Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.

Vendor-bosdev n/a

Product-bosnews n/a

CWE ID-CWE-264

Not Available

CVE-2008-6674

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs