Total: 3657 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-3657 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2025-04-09 | 5.8 MEDIUM | N/A | Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2008-3428 | 1 Phpfreechat | 1 Phpfreechat | 2025-04-09 | 6.5 MEDIUM | N/A | Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. |
| CVE-2007-6385 | 1 Kerio | 1 Winroute Firewall | 2025-04-09 | 2.1 LOW | N/A | The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| CVE-2009-0662 | 1 Plone | 2 Plone, Plonepas | 2025-04-09 | 6.0 MEDIUM | N/A | The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors. |
| CVE-2007-3184 | 2 Apple, Cisco | 2 Mac Os X, Trust Agent | 2025-04-09 | 7.2 HIGH | N/A | Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. |
| CVE-2008-1327 | 1 Gallarific | 1 Gallarific | 2025-04-09 | 7.5 HIGH | N/A | Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2009-0130 | 1 Erlang | 1 Erlang | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH | lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid." |
| CVE-2009-2168 | 1 Egyplus | 1 7ammel | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL | cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters. |
| CVE-2008-0229 | 1 Level One | 1 Wbr-3460a | 2025-04-09 | 10.0 HIGH | N/A | The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access. |
| CVE-2008-0466 | 1 Webwiz | 3 Web Wiz Forums, Web Wiz Newspad, Web Wiz Rich Text Editor | 2025-04-09 | 5.0 MEDIUM | N/A | RTE_file_browser.asp in Web Wiz, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability. |
| CVE-2008-1727 | 1 Myknowledgequest | 1 Knowledgequest | 2025-04-09 | 7.5 HIGH | N/A | KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. |
| CVE-2008-2833 | 1 Worldlevel | 1 Le.cms | 2025-04-09 | 10.0 HIGH | N/A | admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters. |
| CVE-2007-5113 | 1 Roi Revolution | 1 Urchin | 2025-04-09 | 5.0 MEDIUM | N/A | report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112. |
| CVE-2008-3814 | 1 Cisco | 1 Unity | 2025-04-09 | 5.8 MEDIUM | N/A | Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. |
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2025-04-09 | 6.4 MEDIUM | N/A | fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. |
| CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A | The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. |
| CVE-2008-6714 | 1 Xecms Project | 1 Xecms | 2025-04-09 | 7.5 HIGH | N/A | admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie. |
| CVE-2009-0124 | 1 Arrl | 1 Tqsllib | 2025-04-09 | 5.0 MEDIUM | N/A | The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. |
| CVE-2008-2879 | 1 Benjacms | 1 Benja Cms | 2025-04-09 | 6.4 MEDIUM | N/A | Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu. |
| CVE-2008-6039 | 1 Bluepage | 1 Bluepage Cms | 2025-04-09 | 6.8 MEDIUM | N/A | Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |