Total
3744 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3027 | 1 Symantec | 23 Backup Exec Continuous Protection Server, Veritas Application Director, Veritas Backup Exec and 20 more | 2025-04-09 | 10.0 HIGH | N/A |
| VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300. | |||||
| CVE-2008-6815 | 1 Myktools | 1 Myktools | 2025-04-09 | 5.0 MEDIUM | N/A |
| mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup. | |||||
| CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2025-04-09 | 9.4 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | |||||
| CVE-2008-2524 | 1 Blogphp | 1 Blogphp | 2025-04-09 | 5.0 MEDIUM | N/A |
| BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | |||||
| CVE-2008-1883 | 1 Blackboard | 1 Blackboard Academic Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
| The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string. | |||||
| CVE-2008-4081 | 1 Stash | 1 Stash | 2025-04-09 | 7.5 HIGH | N/A |
| admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. | |||||
| CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
| CVE-2007-6384 | 1 Bea | 1 Weblogic Mobility Server | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. | |||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 7.5 HIGH | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||||
| CVE-2009-0642 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 6.8 MEDIUM | N/A |
| ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. | |||||
| CVE-2008-5042 | 1 Zeeways | 1 Photovideotube | 2025-04-09 | 7.5 HIGH | N/A |
| Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php. | |||||
| CVE-2008-7027 | 1 Libra File Manager | 1 Php Filemanager | 2025-04-09 | 7.5 HIGH | N/A |
| Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. | |||||
| CVE-2009-0892 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | |||||
| CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | |||||
| CVE-2009-3423 | 1 Zenas | 1 Paolink | 2025-04-09 | 6.8 MEDIUM | N/A |
| login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | |||||
| CVE-2007-5374 | 1 Lightblog | 1 Lightblog | 2025-04-09 | 6.5 MEDIUM | N/A |
| cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | |||||
| CVE-2007-5152 | 1 Sun | 2 Java System Access Manager, Java System Application Server | 2025-04-09 | 7.5 HIGH | N/A |
| Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. | |||||
| CVE-2008-2730 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | |||||
| CVE-2007-4693 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | |||||
| CVE-2008-4244 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1. | |||||