CyberSecurityBoard
Sponsor Register Login

CVE-2007-4548

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

Publication date: Tue, 28 Aug 2007 04:17:00 +0000


Cyber News related to CVE-2007-4548

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago
CVE-2007-4548 - The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative ...
16 years ago
CVE-2007-1220 - The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code. ...
6 years ago
CVE-2007-1221 - The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. ...
6 years ago
CVE-2006-4548 - e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the ...
1 year ago
CVE-2010-4548 - IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. ...
14 years ago
CVE-2005-4548 - SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. ...
13 years ago
CVE-2009-4548 - Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; ...
7 years ago
CVE-2012-4548 - Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. Per ...
7 years ago
CVE-2011-4548 - Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. ...
7 years ago
CVE-2008-4548 - Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method. ...
7 years ago
CVE-2013-4548 - The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ...
5 years ago
CVE-2014-4548 - Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter. ...
5 years ago
CVE-2019-4548 - IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click ...
5 years ago
CVE-2020-4548 - IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM ...
4 years ago
CVE-2015-4548 - EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file. ...
3 years ago
CVE-2022-4548 - The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. ...
2 years ago
CVE-2023-4548 - A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. ...
1 year ago
CVE-2018-4548 - ** REJECT ** This candidate is unused by its CNA. ...
1 year ago
CVE-2017-4548 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2021-47092 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago
CVE-2024-4548 - An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated ...
9 months ago
CVE-2024-35911 - In the Linux kernel, the following vulnerability has been resolved: ice: fix memory corruption bug with suspend and rebuild The ice driver would previously panic after suspend. This is caused from the driver *only* calling the ...
8 months ago Tenable.com
CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
10 years ago
CVE-2016-0012 - Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)