Total: 3606 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2009-4367 | 1 Sitecore | 1 Staging Module | 2025-04-09 | 6.8 MEDIUM | N/A | The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request. |
CVE-2008-3033 | 1 Rss Aggregator | 1 Rss Aggregator | 2025-04-09 | 9.3 HIGH | N/A | RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php. |
CVE-2008-1262 | 1 Airspan | 1 Wimax Prost | 2025-04-09 | 10.0 HIGH | N/A | The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/. |
CVE-2009-2071 | 1 Google | 1 Chrome | 2025-04-09 | 6.8 MEDIUM | N/A | Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. |
CVE-2008-4032 | 1 Microsoft | 2 Office Sharepoint Server, Search Server | 2025-04-09 | 7.5 HIGH | N/A | Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." |
CVE-2008-6523 | 1 Cale Dunlap | 1 Openinvoice | 2025-04-09 | 7.5 HIGH | N/A | auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users. |
CVE-2008-6718 | 1 Uochm | 1 Justbookit | 2025-04-09 | 7.5 HIGH | N/A | U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php. |
CVE-2009-1670 | 1 Tcpdb | 1 Tcpdb | 2025-04-09 | 7.5 HIGH | N/A | user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information. |
CVE-2009-3966 | 1 Arcadetradescript | 1 Arcade Trade Script | 2025-04-09 | 7.5 HIGH | N/A | Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true. |
CVE-2008-4146 | 1 Addalink | 1 Addalink | 2025-04-09 | 5.0 MEDIUM | N/A | Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. |
CVE-2008-6739 | 1 Toddwoolums | 1 Asp Download | 2025-04-09 | 7.5 HIGH | N/A | Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. |
CVE-2008-7081 | 1 Raidsonic | 1 Icy Box Nas | 2025-04-09 | 10.0 HIGH | N/A | userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
CVE-2009-2085 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A | The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). |
CVE-2007-4438 | 1 Ampache | 1 Ampache | 2025-04-09 | 6.8 MEDIUM | N/A | Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. |
CVE-2008-0408 | 1 Hfs | 1 Http File Server | 2025-04-09 | 6.4 MEDIUM | N/A | HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. |
CVE-2007-1859 | 2 Redhat, Xscreensaver | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2025-04-09 | 4.6 MEDIUM | N/A | XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. |
CVE-2009-0614 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-09 | 9.0 HIGH | N/A | Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. |
CVE-2008-2282 | 1 Thomas Voecking | 1 Internet Photoshow | 2025-04-09 | 7.5 HIGH | N/A | admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true. |
CVE-2009-1535 | 1 Microsoft | 3 Internet Information Services, Windows Server 2003, Windows Xp | 2025-04-09 | 7.5 HIGH | N/A | The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122. |
CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2025-04-09 | 7.5 HIGH | N/A | Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |