Total
4065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1878 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2007-1062 | 1 Cisco | 4 Unified Ip Conference Station 7935, Unified Ip Conference Station 7935 Firmware, Unified Ip Conference Station 7936 and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
|
|||||
| CVE-2008-0960 | 6 Cisco, Ecos Sourceware, Ingate and 3 more | 25 Ace 10 6504 Bundle With 4 Gbps Throughput, Ace 10 6509 Bundle With 8 Gbps Throughput, Ace 10 Service Module and 22 more | 2025-04-09 | 10.0 HIGH | N/A |
|
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other pr ...
Show More |
|||||
| CVE-2009-2062 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
|
|||||
| CVE-2007-3597 | 1 Zen Cart | 1 Zen Cart | 2025-04-09 | 8.5 HIGH | N/A |
|
Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.
|
|||||
| CVE-2009-3657 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2009-3966 | 1 Arcadetradescript | 1 Arcade Trade Script | 2025-04-09 | 7.5 HIGH | N/A |
|
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
|
|||||
| CVE-2008-2879 | 1 Benjacms | 1 Benja Cms | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu.
|
|||||
| CVE-2008-3317 | 1 Maian Script World | 1 Maian Search | 2025-04-09 | 7.5 HIGH | N/A |
|
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
|
|||||
| CVE-2009-0412 | 1 Interspire | 1 Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
|
|||||
| CVE-2009-0025 | 1 Isc | 1 Bind | 2025-04-09 | 6.8 MEDIUM | N/A |
|
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
|
|||||
| CVE-2008-6718 | 1 Uochm | 1 Justbookit | 2025-04-09 | 7.5 HIGH | N/A |
|
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
|
|||||
| CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
|
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
|
|||||
| CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
|
|||||
| CVE-2009-0655 | 1 Lenovo | 1 Veriface | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
|
|||||
| CVE-2008-6864 | 1 Xigla | 1 Absolute Live Support .net | 2025-04-09 | 7.5 HIGH | N/A |
|
Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
|
|||||
| CVE-2007-5006 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.
|
|||||
| CVE-2008-3466 | 1 Microsoft | 3 Host Integration Server 2000, Host Integration Server 2004, Host Integration Server 2006 | 2025-04-09 | 10.0 HIGH | N/A |
|
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
|
|||||
| CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
|
|||||
| CVE-2009-4409 | 1 Iij | 1 Seil\/b1 | 2025-04-09 | 2.6 LOW | N/A |
|
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.
|
|||||
| CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2025-04-09 | 7.5 HIGH | N/A |
|
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
|
|||||
| CVE-2009-1155 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.
|
|||||
| CVE-2008-4515 | 1 Blue Coat Systems | 1 K9 Web Protection | 2025-04-09 | 7.5 HIGH | N/A |
|
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.
|
|||||
| CVE-2008-0351 | 1 Evilsentinel | 1 Evilsentinel | 2025-04-09 | 5.0 MEDIUM | N/A |
|
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
|
|||||
| CVE-2008-5575 | 1 Proclanmanager | 1 Pro Clan Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
|
|||||
| CVE-2007-4747 | 1 Cisco | 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software | 2025-04-09 | 10.0 HIGH | N/A |
|
The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729.
|
|||||
| CVE-2008-0408 | 1 Hfs | 1 Http File Server | 2025-04-09 | 6.4 MEDIUM | N/A |
|
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
|
|||||
| CVE-2008-6009 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.
|
|||||
| CVE-2007-6714 | 1 Dbmail | 1 Dbmail | 2025-04-09 | 6.8 MEDIUM | N/A |
|
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
|
|||||
| CVE-2008-3610 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.6 HIGH | N/A |
|
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
|
|||||
| CVE-2009-2231 | 1 Mid.as | 1 Midas | 2025-04-09 | 7.5 HIGH | N/A |
|
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
|
|||||
| CVE-2009-1122 | 1 Microsoft | 2 Internet Information Services, Windows 2000 | 2025-04-09 | 7.5 HIGH | N/A |
|
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
|
|||||
| CVE-2007-5770 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
|
|||||
| CVE-2009-2063 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
|
|||||
| CVE-2008-6815 | 1 Myktools | 1 Myktools | 2025-04-09 | 5.0 MEDIUM | N/A |
|
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
|
|||||
| CVE-2008-4576 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
|
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
|
|||||
| CVE-2008-1259 | 1 Zyxel | 1 P-2602hw-d1a | 2025-04-09 | 9.3 HIGH | N/A |
|
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.
|
|||||
| CVE-2008-6455 | 1 Edikon | 1 Phpshop | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6862 | 1 Xigla | 1 Absolute Content Rotator | 2025-04-09 | 7.5 HIGH | N/A |
|
Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
|
|||||
| CVE-2009-1549 | 1 Agtc | 1 Agtc Myshop | 2025-04-09 | 7.5 HIGH | N/A |
|
AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto."
|
|||||