Total: 3743 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0391 | 1 Alilg | 1 Alitalk | 2025-04-09 | 7.5 HIGH | N/A |
| inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | |||||
| CVE-2008-7051 | 1 Ajsquare | 1 Aj Article | 2025-04-09 | 7.5 HIGH | N/A |
| AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/. | |||||
| CVE-2008-6859 | 1 Xigla | 1 Absolute Control Panel Xe | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6440 | 2 Cerberus, Webgroupmedia | 2 Cerberus Helpdesk, Cerberus Helpdesk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. | |||||
| CVE-2009-3107 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 4.8 MEDIUM | N/A |
| Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service. | |||||
| CVE-2009-1489 | 1 Rens Rikkerink | 1 Fungamez | 2025-04-09 | 7.5 HIGH | N/A |
| includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter. | |||||
| CVE-2008-3318 | 1 Maian | 1 Weblog | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. | |||||
| CVE-2006-6997 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Standard | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792. | |||||
| CVE-2008-2705 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2008-6858 | 1 Xigla | 1 Absolute Banner Manager.net | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2007-6430 | 1 Asterisk | 2 Asterisk Business Edition, Open Source | 2025-04-09 | 4.3 MEDIUM | N/A |
| Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username. | |||||
| CVE-2009-0460 | 1 Wholehogsoftware | 1 Ware Support | 2025-04-09 | 7.5 HIGH | N/A |
| Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||||
| CVE-2009-3158 | 1 Carsten Wulff | 1 Simplephpweb | 2025-04-09 | 7.5 HIGH | N/A |
| admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3422 | 1 Zenas | 1 Paoliber | 2025-04-09 | 6.8 MEDIUM | N/A |
| login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | |||||
| CVE-2008-0377 | 1 News | 1 Micronews | 2025-04-09 | 10.0 HIGH | N/A |
| MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. | |||||
| CVE-2009-4095 | 1 Companionway | 1 Myphile | 2025-04-09 | 7.5 HIGH | N/A |
| myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0021 | 1 Ntp | 1 Ntp | 2025-04-09 | 5.0 MEDIUM | N/A |
| NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-4409 | 1 Iij | 1 Seil/b1 | 2025-04-09 | 2.6 LOW | N/A |
| The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack. | |||||
| CVE-2009-2328 | 1 Max Kervin | 1 Kervinet Forum | 2025-04-09 | 7.5 HIGH | N/A |
| admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. | |||||
| CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
