Total
3606 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2066 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | |||||
| CVE-2008-7179 | 1 Otmanager | 1 Otmanager Cms | 2025-04-09 | 7.5 HIGH | N/A |
| OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php. | |||||
| CVE-2008-4784 | 1 Aflog | 1 Aflog | 2025-04-09 | 7.5 HIGH | N/A |
| aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | |||||
| CVE-2008-6707 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help." | |||||
| CVE-2008-6719 | 1 Uochm | 1 Justlistit | 2025-04-09 | 7.5 HIGH | N/A |
| U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php. | |||||
| CVE-2009-1504 | 1 Xigla | 1 Absolute Control Panel Xe | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1." | |||||
| CVE-2007-3050 | 1 Chameleon Cms | 1 Chameleon Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2007-0435 | 1 T-com | 2 Speedport 500v, Speedport 500v Firmware | 2025-04-09 | 7.5 HIGH | N/A |
| T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value. | |||||
| CVE-2009-0051 | 1 Zxid | 1 Zxid | 2025-04-09 | 5.0 MEDIUM | N/A |
| ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-3610 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.6 HIGH | N/A |
| Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | |||||
| CVE-2009-2257 | 1 Netgear | 1 Dg632 | 2025-04-09 | 7.8 HIGH | N/A |
| The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | |||||
| CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2025-04-09 | 9.3 HIGH | N/A |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||||
| CVE-2007-2243 | 1 Openbsd | 1 Openssh | 2025-04-09 | 5.0 MEDIUM | N/A |
| OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. | |||||
| CVE-2008-0640 | 1 Symantec | 1 Ghost Solutions Suite | 2025-04-09 | 10.0 HIGH | N/A |
| Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | |||||
| CVE-2008-7046 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | 6.4 MEDIUM | N/A |
| AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2063 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
| Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | |||||
| CVE-2008-1268 | 1 Linksys | 1 Wrt54g | 2025-04-09 | 10.0 HIGH | N/A |
| The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. | |||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | |||||
| CVE-2007-6398 | 1 Flat Php | 1 Board | 2025-04-09 | 5.0 MEDIUM | N/A |
| Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie. | |||||
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||