Total: 4065 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3232 | 1 Canonical | 1 Ubuntu Linux | 2025-04-09 | 9.3 HIGH | N/A |
| pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication. |
| CVE-2008-5219 | 1 Videoscript | 1 Videoscript | 2025-04-09 | 7.5 HIGH | N/A |
| The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters. |
| CVE-2009-0853 | 1 Stewart Howe | 1 Celerbb | 2025-04-09 | 6.8 MEDIUM | N/A |
| login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. |
| CVE-2007-5752 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2025-04-09 | 7.5 HIGH | N/A |
| adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. |
| CVE-2008-7041 | 1 Ajsquare | 1 Aj Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php. |
| CVE-2008-2406 | 1 Sun | 1 Java Asp Server | 2025-04-09 | 7.5 HIGH | N/A |
| The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. |
| CVE-2008-5022 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 7.5 HIGH | N/A |
| The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. |
| CVE-2007-6011 | 1 Bug Software | 1 Bughotel Reservation System | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-4622 | 1 Phpfastnews | 1 Phpfastnews | 2025-04-09 | 7.5 HIGH | N/A |
| The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. |
| CVE-2008-6743 | 1 Shock-therapy | 1 Rsmscript | 2025-04-09 | 7.5 HIGH | N/A |
| RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php. |
| CVE-2007-3050 | 1 Chameleon Cms | 1 Chameleon Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| CVE-2008-1262 | 1 Airspan | 1 Wimax Prost | 2025-04-09 | 10.0 HIGH | N/A |
| The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/. |
| CVE-2008-6143 | 1 Owentechkenya | 1 Owenpoll | 2025-04-09 | 7.5 HIGH | N/A |
| OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. |
| CVE-2009-1825 | 1 Collector | 1 Mycolex | 2025-04-09 | 4.0 MEDIUM | N/A |
| modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. |
| CVE-2008-5082 | 1 Redhat | 2 Dogtag Certificate System, Certificate System | 2025-04-09 | 6.0 MEDIUM | N/A |
| The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. |
| CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. |
| CVE-2008-6951 | 1 Cms.maury91 | 1 Maurycms | 2025-04-09 | 7.5 HIGH | N/A |
| MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request. |
| CVE-2009-1619 | 1 Teraway | 1 Filestream | 2025-04-09 | 7.5 HIGH | N/A |
| Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. |
| CVE-2007-4419 | 1 Olate | 1 Olatedownload | 2025-04-09 | 9.3 HIGH | N/A |
| Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. |
| CVE-2008-6523 | 1 Cale Dunlap | 1 Openinvoice | 2025-04-09 | 7.5 HIGH | N/A |
| auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users. |
| CVE-2009-2066 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." |
| CVE-2007-5085 | 1 Apache | 1 Geronimo | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. |
| CVE-2008-6804 | 1 Tribiq | 1 Tribiq Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue. |
| CVE-2008-0476 | 1 Manageengine | 1 Applications Manager | 2025-04-09 | 6.4 MEDIUM | N/A |
| ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-7045 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | 6.4 MEDIUM | N/A |
| AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. |
| CVE-2003-1570 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 3.5 LOW | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." |
| CVE-2007-2555 | 1 Podium Cms | 1 Podium Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). |
| CVE-2008-3322 | 1 Maian | 1 Recipe | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. |
| CVE-2007-2277 | 1 Plogger | 1 Plogger | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| CVE-2009-1629 | 1 Antony Lesuisse | 1 Ajaxterm | 2025-04-09 | 6.8 MEDIUM | N/A |
| ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack. |
| CVE-2009-2085 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A |
| The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). |
| CVE-2008-5065 | 1 Easy-script | 1 Tlguesbook | 2025-04-09 | 7.5 HIGH | N/A |
| TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin. |
| CVE-2008-2801 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. |
| CVE-2008-6723 | 1 Turnkeyforms | 1 Entertainment Portal | 2025-04-09 | 7.5 HIGH | N/A |
| TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator. |
| CVE-2009-0129 | 1 Perl-openssl | 1 Libcrypt-openssl-dsa-perl | 2025-04-09 | 5.0 MEDIUM | N/A |
| libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. |
| CVE-2008-6707 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default appli ... |
| CVE-2008-6916 | 2 John Doe, Siemens | 2 Netport Software, Speedstream 5200 | 2025-04-09 | 10.0 HIGH | N/A |
| Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. |
| CVE-2007-2719 | 1 Hp | 1 Systems Insight Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie. |
| CVE-2009-0048 | 1 Openevidence | 1 Openevidence | 2025-04-09 | 5.0 MEDIUM | N/A |
| OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. |
| CVE-2008-4752 | 1 Tech Logic | 1 Tlnews | 2025-04-09 | 7.5 HIGH | N/A |
| TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. |
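Many of the entries above share one shape: the server reads a cookie and believes it. phpFastNews (CVE-2008-4622) and Teraway FileStream (CVE-2009-1619) accept a flag set to 1, TlGuestBook (CVE-2008-5065), TlNews (CVE-2008-4752) and the TurnkeyForms portal (CVE-2008-6723) accept a username-valued cookie, Olate Download (CVE-2007-4419) derives its auto-login cookie from an MD5 of guessable fields, and Chameleon CMS (CVE-2007-3050), Plogger (CVE-2007-2277) and HP SIM (CVE-2007-2719) adopt whatever session id the client presents. The block below is an added example, not code from any of those products: it puts the vulnerable checks next to a server-side session layer that honours only ids it issued and rotates the id at login. Cookie names come from the descriptions; the application, user table, salt and the exact fields hashed into the auto-login token are assumptions made for the illustration.

```python
"""Cookie-decided logins and session fixation, side by side.

Added example, not code from any product in the list above.  The vulnerable
classes model the shape the descriptions imply; cookie names are taken from
the descriptions, everything else (user table, salt, token layout) is
constructed here.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


class Request:
    """Stand-in for an HTTP request; only the cookie jar matters here."""

    def __init__(self, cookies: Optional[Dict[str, str]] = None) -> None:
        self.cookies = dict(cookies or {})


# Constructed user table: name -> (salt, PBKDF2-SHA256 hash, role).
def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = b"constructed-salt"
USERS = {
    "admin": (_SALT, _hash_pw("correct horse battery", _SALT), "admin"),
    "alice": (_SALT, _hash_pw("alice-password", _SALT), "user"),
}


def check_password(username: str, password: str) -> Optional[str]:
    """Return the user's role on a correct password, else None."""
    rec = USERS.get(username)
    if rec is None:
        return None
    salt, stored, role = rec
    return role if hmac.compare_digest(_hash_pw(password, salt), stored) else None


# Vulnerable pattern 1: the cookie *is* the verdict, so the client can mint it.
def vuln_flag_is_admin(req: Request) -> bool:
    return req.cookies.get("fn-loggedin") == "1" or req.cookies.get("tlNews_login") == "admin"


# Vulnerable pattern 2: an auto-login token hashed from values an attacker can
# guess (username, uid, gid).  The concatenation format is an assumption.
def guessable_autologin(username: str, uid: int, gid: int) -> str:
    return hashlib.md5(f"{username}{uid}{gid}".encode()).hexdigest()


def vuln_autologin_is_admin(req: Request) -> bool:
    return req.cookies.get("OD3_AutoLogin") == guessable_autologin("admin", 1, 1)


# Vulnerable pattern 3: any client-supplied session id is adopted, and a login
# keeps that id, so an id planted by the attacker becomes the victim's session.
class FixableSessions:
    def __init__(self) -> None:
        self.store: Dict[str, dict] = {}

    def resolve(self, req: Request) -> str:
        sid = req.cookies.get("PHPSESSID") or secrets.token_urlsafe(24)
        self.store.setdefault(sid, {})  # unknown id: silently created
        return sid

    def login(self, req: Request, user: str, pw: str) -> Optional[str]:
        role = check_password(user, pw)
        if role is None:
            return None
        sid = self.resolve(req)
        self.store[sid].update(user=user, role=role)  # id not rotated
        return sid

    def role(self, req: Request) -> Optional[str]:
        return self.store[self.resolve(req)].get("role")


# Hardened: only ids this server issued are honoured (the idea behind PHP's
# session.use_strict_mode), and a successful login issues a fresh id.
class StrictSessions:
    def __init__(self) -> None:
        self.store: Dict[str, dict] = {}

    def resolve(self, req: Request) -> Optional[str]:
        sid = req.cookies.get("PHPSESSID")
        return sid if sid in self.store else None

    def login(self, req: Request, user: str, pw: str) -> Optional[str]:
        role = check_password(user, pw)
        if role is None:
            return None
        old = self.resolve(req)
        if old is not None:
            del self.store[old]  # nothing tied to the pre-login id survives
        new = secrets.token_urlsafe(32)
        self.store[new] = {"user": user, "role": role}
        return new

    def role(self, req: Request) -> Optional[str]:
        sid = self.resolve(req)
        return self.store[sid].get("role") if sid else None


def fixation_attack(sessions) -> Optional[str]:
    """Attacker plants PHPSESSID on the victim, the victim logs in, and the
    attacker then presents the planted id.  Returns the role the attacker gets."""
    planted = "attacker-chosen-id"
    sessions.login(Request({"PHPSESSID": planted}), "admin", "correct horse battery")
    return sessions.role(Request({"PHPSESSID": planted}))
```

`fixation_attack(FixableSessions())` comes back as `"admin"`, `fixation_attack(StrictSessions())` as `None`: the strict store never created a session for the planted id, and the login that did succeed moved to an id the attacker never saw. The same discipline (state lives server-side, the cookie is only an unguessable lookup key) is what removes patterns 1 and 2; signing a cookie with a server secret is an alternative, but a hash over public fields is not a signature.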
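A second recurring shape is the direct request: AJ Classifieds (CVE-2008-7041), AJPoll (CVE-2008-7045), MauryCMS (CVE-2008-6951), PHP-AGTC (CVE-2007-5752) and RSMScript (CVE-2008-6743) all expose admin scripts that do no check of their own because the check lives in some other page (a login front-end, a verify.php) that nothing forces the browser through. The following is an added example, not code from any of those products, contrasting per-script checks with a dispatcher that enforces a required role for every route and denies anything under an admin prefix by default. The paths, handler names and roles are constructed for the illustration.

```python
"""Direct-request bypass: per-page checks versus deny-by-default dispatch.

Added example; routes, handlers and roles are constructed, not taken from any
listed product.  `role` is assumed to have been resolved by a session layer.
"""
from typing import Callable, Dict, Optional, Tuple

Handler = Callable[[Optional[str]], str]


class PageRequest:
    def __init__(self, path: str, role: Optional[str] = None) -> None:
        self.path = path  # e.g. "/admin/home.php"
        self.role = role  # None means anonymous


# --- vulnerable: every script decides for itself, and one of them forgot -----
def public_index(role: Optional[str]) -> str:
    return "index"


def admin_home_checked(role: Optional[str]) -> str:
    if role != "admin":
        return "403"
    return "admin home"


def admin_resetvote_unchecked(role: Optional[str]) -> str:
    return "votes reset"  # reachable by anyone who knows the path


VULN_ROUTES: Dict[str, Handler] = {
    "/index.php": public_index,
    "/admin/home.php": admin_home_checked,
    "/admin/resetvote.php": admin_resetvote_unchecked,
}


def vuln_dispatch(req: PageRequest) -> str:
    handler = VULN_ROUTES.get(req.path)
    return handler(req.role) if handler else "404"


# --- hardened: the dispatcher enforces a role before any handler runs --------
# Each route declares the role it needs (None = public).  A handler cannot be
# reached without passing that check, and an admin prefix rule catches a route
# that was registered with the wrong requirement.
SAFE_ROUTES: Dict[str, Tuple[Optional[str], Handler]] = {
    "/index.php": (None, public_index),
    "/admin/home.php": ("admin", lambda role: "admin home"),
    "/admin/resetvote.php": ("admin", lambda role: "votes reset"),
}


def safe_dispatch(req: PageRequest) -> str:
    entry = SAFE_ROUTES.get(req.path)
    if entry is None:
        return "404"
    required, handler = entry
    if required is not None and req.role != required:
        return "403"
    if req.path.startswith("/admin/") and req.role != "admin":
        return "403"  # second net: nothing under /admin/ is ever public
    return handler(req.role)
```

The anonymous request for `/admin/resetvote.php` succeeds through `vuln_dispatch` and is refused by `safe_dispatch`; the admin request succeeds through both. The point is where the decision is made: a check that has to be repeated in every file will eventually be missing from one.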
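The two CVE-2008-5077-class entries, libcrypt-openssl-dsa-perl (CVE-2009-0129) and OpenEvidence (CVE-2009-0048), are about a return-value contract rather than a missing check. OpenSSL's DSA_verify, DSA_do_verify and EVP_VerifyFinal return 1 for a valid signature, 0 for an invalid one and -1 when verification could not be performed at all, typically because the signature did not decode. A caller that treats "not zero" as success therefore accepts a signature that is merely malformed. The block below is an added example, not code from those projects or from OpenSSL: Python's standard library has no DSA, so an HMAC stands in for the signature arithmetic, while the DER-style SEQUENCE of two INTEGERs that DSA and ECDSA signatures use and the 1/0/-1 contract are the part being demonstrated. The key and messages are constructed.

```python
"""Three-valued verify results and the check that collapses them.

Added example, not code from libcrypt-openssl-dsa-perl, OpenEvidence or
OpenSSL.  An HMAC stands in for DSA; the DER-style wrapper and the
1 / 0 / -1 return contract are what matter here.
"""
import hashlib
import hmac
from typing import Optional, Tuple

KEY = b"constructed-demo-key"  # constructed for the example


def _der_int(v: bytes) -> bytes:
    """Short-form DER INTEGER (contents are always < 128 bytes here)."""
    return b"\x02" + bytes([len(v)]) + v


def sign(key: bytes, msg: bytes) -> bytes:
    """Wrap the two halves of an HMAC as SEQUENCE { INTEGER r, INTEGER s }."""
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    body = _der_int(mac[:16]) + _der_int(mac[16:])
    return b"\x30" + bytes([len(body)]) + body


def parse_sig(sig: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Decode SEQUENCE { INTEGER, INTEGER } with short-form lengths.

    Returns None for anything malformed: wrong tags, long-form or zero
    lengths, truncation, or trailing bytes after the second INTEGER.
    """
    try:
        if sig[0] != 0x30 or sig[1] & 0x80 or len(sig) != 2 + sig[1]:
            return None
        body, pos, parts = sig[2:], 0, []
        for _ in range(2):
            if body[pos] != 0x02 or body[pos + 1] & 0x80 or body[pos + 1] == 0:
                return None
            n = body[pos + 1]
            parts.append(body[pos + 2:pos + 2 + n])
            if len(parts[-1]) != n:
                return None  # truncated INTEGER
            pos += 2 + n
        if pos != len(body):
            return None  # trailing garbage
        return parts[0], parts[1]
    except IndexError:
        return None


def verify(key: bytes, msg: bytes, sig: bytes) -> int:
    """OpenSSL-style contract: 1 = valid, 0 = invalid, -1 = error (undecodable)."""
    parsed = parse_sig(sig)
    if parsed is None:
        return -1
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return 1 if hmac.compare_digest(parsed[0] + parsed[1], expected) else 0


def vulnerable_accepts(ret: int) -> bool:
    """The buggy pattern: `if (verify(...) == 0) fail;` so -1 passes."""
    return ret != 0


def correct_accepts(ret: int) -> bool:
    """Only the explicit success value is success."""
    return ret == 1
```

With a valid signature both checks agree; with a wrong message both reject (0); with the signature truncated by one byte `verify` returns -1, `vulnerable_accepts` says yes and `correct_accepts` says no. The fix in the affected code bases is the same one-character change: compare for `== 1` (or `<= 0` on the failure branch), never for `!= 0`.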