CVE-2007-2985

HIGH Year: 2007
CVSS v2 Score
10.0
Critical
Weakness Type
CWE-264
View all →

Vulnerability Description

Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.

Related Vulnerabilities

CVE-2015-7425

CRITICAL
CVSS:10.0(Critical)

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6....

CWE-2642015

CVE-2015-7919

CRITICAL
CVSS:10.0(Critical)

SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.

CWE-2642015

CVE-2015-8267

CRITICAL
CVSS:10.0(Critical)

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords v...

CWE-2642015

CVE-2016-7457

CRITICAL
CVSS:10.0(Critical)

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

CWE-2642016

CVE-2016-8363

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RT...

CWE-2642016

CVE-2015-7411

CRITICAL
CVSS:9.9(Critical)

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.

CWE-2642015