Total: 3743 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6581 | 1 Phpaddedit | 1 Phpaddedit | 2025-04-09 | 7.5 HIGH | N/A |
| login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | |||||
| CVE-2008-3319 | 1 Maian | 1 Links | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. | |||||
| CVE-2009-2863 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
| Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | |||||
| CVE-2008-3292 | 1 Ezwebalbum | 1 Ezwebalbum | 2025-04-09 | 6.4 MEDIUM | N/A |
| constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | |||||
| CVE-2009-1638 | 1 T-dreams | 1 Job Career Package | 2025-04-09 | 7.5 HIGH | N/A |
| Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. | |||||
| CVE-2008-6717 | 1 Uochm | 1 Signup | 2025-04-09 | 7.5 HIGH | N/A |
| U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php. | |||||
| CVE-2007-5391 | 1 Hp | 1 Select Identity | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. | |||||
| CVE-2008-3375 | 1 Jamroom | 1 Jamroom | 2025-04-09 | 7.5 HIGH | N/A |
| The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | |||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2025-04-09 | 7.5 HIGH | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | |||||
| CVE-2008-7008 | 1 Hyperstop | 1 Web Host Directory | 2025-04-09 | 5.0 MEDIUM | N/A |
| HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db. | |||||
| CVE-2008-0407 | 1 Hfs | 1 Http File Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. | |||||
| CVE-2007-4680 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2008-6860 | 1 Xigla | 1 Absolute Poll Manager Xe | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-5022 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 7.5 HIGH | N/A |
| The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. | |||||
| CVE-2007-4548 | 1 Apache | 1 Geronimo | 2025-04-09 | 10.0 HIGH | N/A |
| The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module. | |||||
| CVE-2008-0926 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.5 HIGH | N/A |
| The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. | |||||
| CVE-2007-1966 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 5.0 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. | |||||
| CVE-2007-5714 | 1 Gentoo | 1 Mldonkey Ebuild | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | |||||
| CVE-2008-1134 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | 6.4 MEDIUM | N/A |
| OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. | |||||
| CVE-2009-3261 | 1 Livestreet | 1 Livestreet | 2025-04-09 | 7.5 HIGH | N/A |
| update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors. | |||||
