Total
3680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | |||||
| CVE-2007-5085 | 1 Apache | 1 Geronimo | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. | |||||
| CVE-2009-2070 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
| Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
| CVE-2008-7086 | 1 Maianscriptworld | 1 Maian Greetings | 2025-04-09 | 7.5 HIGH | N/A |
| Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | |||||
| CVE-2008-7019 | 1 Esqlanelapse | 1 Esqlanelapse | 2025-04-09 | 7.5 HIGH | N/A |
| Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies. | |||||
| CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | |||||
| CVE-2008-4037 | 1 Microsoft | 4 Windows, Windows 2000, Windows Server 2008 and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. | |||||
| CVE-2008-0476 | 1 Manageengine | 1 Applications Manager | 2025-04-09 | 6.4 MEDIUM | N/A |
| ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3177 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | |||||
| CVE-2003-1574 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | 7.5 HIGH | N/A |
| TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-1154 | 1 Cisco | 4 Emergency Responder, Mobility Manager, Unified Communications Manager and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-2231 | 1 Mid.as | 1 Midas | 2025-04-09 | 7.5 HIGH | N/A |
| MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. | |||||
| CVE-2007-2277 | 1 Plogger | 1 Plogger | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2009-1155 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. | |||||
| CVE-2009-2642 | 1 Desiscripts | 1 Desi Short Url Script | 2025-04-09 | 7.5 HIGH | N/A |
| index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. | |||||
| CVE-2008-0351 | 1 Evilsentinel | 1 Evilsentinel | 2025-04-09 | 5.0 MEDIUM | N/A |
| admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. | |||||
| CVE-2008-3738 | 1 Spacetag | 1 Lacoodast | 2025-04-09 | 6.8 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2009-1629 | 1 Antony Lesuisse | 1 Ajaxterm | 2025-04-09 | 6.8 MEDIUM | N/A |
| ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack. | |||||
| CVE-2008-5692 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | |||||