Total
4065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4364 | 1 Fedoraproject | 1 Commons | 2025-04-09 | 8.5 HIGH | N/A |
|
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypa ...
Show More |
|||||
| CVE-2007-3988 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
|
|||||
| CVE-2008-7086 | 1 Maianscriptworld | 1 Maian Greetings | 2025-04-09 | 7.5 HIGH | N/A |
|
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
|
|||||
| CVE-2009-3481 | 2 Isygen, Joomla | 2 Com Icrmbasic, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4632 | 1 Cisco | 1 Ios | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
|
|||||
| CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2025-04-09 | 9.3 HIGH | N/A |
|
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
|
|||||
| CVE-2008-5692 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
|
|||||
| CVE-2009-1580 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
|
|||||
| CVE-2008-3407 | 1 Phplinkat | 1 Phplinkat | 2025-04-09 | 5.0 MEDIUM | N/A |
|
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
|
|||||
| CVE-2008-0377 | 1 News | 1 Micronews | 2025-04-09 | 10.0 HIGH | N/A |
|
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
|
|||||
| CVE-2007-5578 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2025-04-09 | 7.5 HIGH | N/A |
|
Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.
|
|||||
| CVE-2009-0128 | 1 Llnl | 1 Slurm | 2025-04-09 | 5.0 MEDIUM | N/A |
|
plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
|
|||||
| CVE-2008-7028 | 1 Aves | 1 Rpg Board | 2025-04-09 | 7.5 HIGH | N/A |
|
RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value.
|
|||||
| CVE-2009-1664 | 1 Easy-scripts | 1 Answer And Question Script | 2025-04-09 | 7.5 HIGH | N/A |
|
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.
|
|||||
| CVE-2008-3815 | 1 Cisco | 2 Asa 5500, Pix | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
|
|||||
| CVE-2009-4095 | 1 Companionway | 1 Myphile | 2025-04-09 | 7.5 HIGH | N/A |
|
myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3375 | 1 Jamroom | 1 Jamroom | 2025-04-09 | 7.5 HIGH | N/A |
|
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
|
|||||
| CVE-2008-1971 | 1 Phphq | 1 Phshoutbox Final | 2025-04-09 | 7.5 HIGH | N/A |
|
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
|
|||||
| CVE-2009-0051 | 1 Zxid | 1 Zxid | 2025-04-09 | 5.0 MEDIUM | N/A |
|
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
|
|||||
| CVE-2008-1264 | 1 Linksys | 1 Wrt54g | 2025-04-09 | 7.5 HIGH | N/A |
|
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.
|
|||||
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2382 | 1 Jay-jayx0r | 1 Phpmyblockchecker | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
|
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
|
|||||
| CVE-2008-6939 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
|
|||||
| CVE-2007-5791 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2025-04-09 | 10.0 HIGH | N/A |
|
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
|
|||||
| CVE-2008-6860 | 1 Xigla | 1 Absolute Poll Manager Xe | 2025-04-09 | 7.5 HIGH | N/A |
|
Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
|
|||||
| CVE-2008-1269 | 1 Alice | 1 Gate2 Plus Wi-fi | 2025-04-09 | 7.1 HIGH | N/A |
|
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request.
|
|||||
| CVE-2007-6398 | 1 Flat Php | 1 Board | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.
|
|||||
| CVE-2007-5008 | 1 Hp | 1 Hp-ux | 2025-04-09 | 9.0 HIGH | N/A |
|
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
|
|||||
| CVE-2008-0407 | 1 Hfs | 1 Http File Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
|
|||||
| CVE-2009-0662 | 1 Plone | 2 Plone, Plonepas | 2025-04-09 | 6.0 MEDIUM | N/A |
|
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
|
|||||
| CVE-2008-6131 | 1 Mozilo | 1 Mozilowiki | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
|
|||||
| CVE-2007-5391 | 1 Hp | 1 Select Identity | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors.
|
|||||
| CVE-2008-1949 | 1 Gnu | 1 Gnutls | 2025-04-09 | 9.3 HIGH | N/A |
|
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
|
|||||
| CVE-2008-0229 | 1 Level One | 1 Wbr-3460a | 2025-04-09 | 10.0 HIGH | N/A |
|
The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.
|
|||||
| CVE-2008-6092 | 1 Phpscripts | 1 Ranking-script | 2025-04-09 | 7.5 HIGH | N/A |
|
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
|
|||||
| CVE-2009-1384 | 2 Eyrie, Redhat | 2 Pam-krb5, Enterprise Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
|
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
|
|||||
| CVE-2007-4692 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
|
|||||
| CVE-2008-2705 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.
|
|||||
| CVE-2007-1953 | 1 Onelook | 1 Courts Online | 2025-04-09 | 7.5 HIGH | N/A |
|
Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
|
|||||
| CVE-2008-6300 | 1 Gwm | 1 Galatolo Webmanager | 2025-04-09 | 7.5 HIGH | N/A |
|
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||