
CVSS: 7.8 • EPSS: 66% • CPEs: 17 • EXPL: 2

30 Dec 2011 — Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461. • https://packetstorm.news/files/id/180523 • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

03 Nov 2007 — SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. • http://osvdb.org/38662 • CWE-287: Improper Authentication

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Aug 2007 — The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module. • http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html • CWE-287: Improper Authentication