Total
4065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-0256 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 7.5 HIGH | N/A | Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. |
| CVE-2008-6411 | 1 Explay | 1 Explay Cms | 2025-04-09 | 7.5 HIGH | N/A | Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. |
| CVE-2009-0614 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-09 | 9.0 HIGH | N/A | Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. |
| CVE-2009-4128 | 1 Gnu | 1 Grub 2 | 2025-04-09 | 7.2 HIGH | N/A | GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. |
| CVE-2007-6430 | 1 Asterisk | 2 Asterisk Business Edition, Open Source | 2025-04-09 | 4.3 MEDIUM | N/A | Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username. |
| CVE-2006-6783 | 1 Logahead | 1 Logahead Unu | 2025-04-09 | 7.5 HIGH | N/A | logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information. |
| CVE-2009-4367 | 1 Sitecore | 1 Staging Module | 2025-04-09 | 6.8 MEDIUM | N/A | The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request. |
| CVE-2008-7081 | 1 Raidsonic | 1 Icy Box Nas | 2025-04-09 | 10.0 HIGH | N/A | userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-5797 | 1 Apache | 1 Geronimo | 2025-04-09 | 7.5 HIGH | N/A | SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. |
| CVE-2008-1938 | 1 Sony | 1 Mylo Com 2 | 2025-04-09 | 6.4 MEDIUM | N/A | Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. |
| CVE-2008-7027 | 1 Libra File Manager | 1 Php Filemanager | 2025-04-09 | 7.5 HIGH | N/A | Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. |
| CVE-2008-0823 | 1 Drupal | 1 Header Image | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. |
| CVE-2007-3754 | 1 Apple | 2 Iphone, Iphone Os | 2025-04-09 | 4.3 MEDIUM | N/A | Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. |
| CVE-2008-3320 | 1 Maian | 1 Guestbook | 2025-04-09 | 7.5 HIGH | N/A | admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. |
| CVE-2008-6039 | 1 Bluepage | 1 Bluepage Cms | 2025-04-09 | 6.8 MEDIUM | N/A | Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| CVE-2009-1504 | 1 Xigla | 1 Absolute Control Panel Xe | 2025-04-09 | 7.5 HIGH | N/A | Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1." |
| CVE-2008-2269 | 1 Kevin Ludlow | 1 Austinsmoke Gastracker | 2025-04-09 | 7.5 HIGH | N/A | AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE. |
| CVE-2008-6128 | 1 Mozilo | 1 Mozilocms | 2025-04-09 | 6.8 MEDIUM | N/A | Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| CVE-2009-2328 | 1 Max Kervin | 1 Kervinet Forum | 2025-04-09 | 7.5 HIGH | N/A | admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. |
| CVE-2008-1334 | 1 Bt | 1 Home Hub | 2025-04-09 | 7.5 HIGH | N/A | cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383. |
| CVE-2007-4693 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A | The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." |
| CVE-2008-0410 | 1 Hfs | 1 Http File Server | 2025-04-09 | 5.0 MEDIUM | N/A | HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as `<id>%version%</id>` in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. |
| CVE-2008-4722 | 1 Sun | 37 Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System and 34 more | 2025-04-09 | 9.0 HIGH | N/A | Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors. |
| CVE-2009-0362 | 1 Fail2ban | 1 Fail2ban | 2025-04-09 | 4.0 MEDIUM | N/A | filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321. |
| CVE-2009-1854 | 1 Cmsnx | 1 Million Dollar Text Links | 2025-04-09 | 7.5 HIGH | N/A | Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1. |
| CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2025-04-09 | 4.4 MEDIUM | N/A | IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. |
| CVE-2008-6912 | 1 Zeeways | 1 Shaadiclone | 2025-04-09 | 7.5 HIGH | N/A | Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php. |
| CVE-2008-3411 | 1 Axesstel | 1 Akw-d800 | 2025-04-09 | 10.0 HIGH | N/A | The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests. |
| CVE-2007-4548 | 1 Apache | 1 Geronimo | 2025-04-09 | 10.0 HIGH | N/A | The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module. |
| CVE-2008-7046 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | 6.4 MEDIUM | N/A | AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-3211 | 1 Scripteen | 1 Free Image Hosting Script | 2025-04-09 | 7.5 HIGH | N/A | Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1. |
| CVE-2008-1130 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 6.6 MEDIUM | N/A | Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. |
| CVE-2007-5152 | 1 Sun | 2 Java System Access Manager, Java System Application Server | 2025-04-09 | 7.5 HIGH | N/A | Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. |
| CVE-2008-7008 | 1 Hyperstop | 1 Web Host Directory | 2025-04-09 | 5.0 MEDIUM | N/A | HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db. |
| CVE-2008-3318 | 1 Maian | 1 Weblog | 2025-04-09 | 7.5 HIGH | N/A | admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. |
| CVE-2008-7007 | 1 Phpversion | 1 Php Vx Guestbook | 2025-04-09 | 7.5 HIGH | N/A | Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1. |
| CVE-2008-1868 | 1 Pixel Motion | 1 Pixel Motion Blog | 2025-04-09 | 7.5 HIGH | N/A | admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information. |
| CVE-2008-6445 | 1 Yourplace | 1 Yourplace | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information. |
| CVE-2008-6763 | 1 Hypersilence | 1 Silentum Loginsys | 2025-04-09 | 7.5 HIGH | N/A | login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username. |
| CVE-2009-0125 | 1 Finkproject | 1 Libnasl | 2025-04-09 | 5.0 MEDIUM | N/A | NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has ... |