Total
3934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2920 | 1 Ezcms | 1 Eztechhelp Ezcms | 2025-04-09 | 7.5 HIGH | N/A |
| admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files. | |||||
| CVE-2008-5809 | 1 Futomi | 1 Access Analyzer Cgi | 2025-04-09 | 5.8 MEDIUM | N/A |
| futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. | |||||
| CVE-2008-4223 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
| Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | |||||
| CVE-2008-6143 | 1 Owentechkenya | 1 Owenpoll | 2025-04-09 | 7.5 HIGH | N/A |
| OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. | |||||
| CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2025-04-09 | 7.5 HIGH | N/A |
| The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. | |||||
| CVE-2008-3322 | 1 Maian | 1 Recipe | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | |||||
| CVE-2009-2059 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
| Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||
| CVE-2010-0014 | 1 Fedoraproject | 1 Sssd | 2025-04-09 | 3.7 LOW | N/A |
| System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT. | |||||
| CVE-2007-6145 | 1 Hitachi | 1 Jp1 File Transmission Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. | |||||
| CVE-2009-3421 | 1 Zenas | 1 Pao-bacheca Guestbook | 2025-04-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | |||||
| CVE-2008-1469 | 1 Gallarific | 1 Gallarific | 2025-04-09 | 6.4 MEDIUM | N/A |
| Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5065 | 1 Easy-script | 1 Tlguesbook | 2025-04-09 | 7.5 HIGH | N/A |
| TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin. | |||||
| CVE-2009-0049 | 1 Eid | 1 Eidlib | 2025-04-09 | 5.0 MEDIUM | N/A |
| Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-1244 | 1 Belkin | 1 F5d7230-4 | 2025-04-09 | 10.0 HIGH | N/A |
| cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. | |||||
| CVE-2009-1854 | 1 Cmsnx | 1 Million Dollar Text Links | 2025-04-09 | 7.5 HIGH | N/A |
| Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1. | |||||
| CVE-2009-0362 | 1 Fail2ban | 1 Fail2ban | 2025-04-09 | 4.0 MEDIUM | N/A |
| filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321. | |||||
| CVE-2006-5268 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface." | |||||
| CVE-2009-0047 | 1 Gale | 1 Gale | 2025-04-09 | 5.0 MEDIUM | N/A |
| Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-6411 | 1 Explay | 1 Explay Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. | |||||
| CVE-2009-3923 | 1 Sun | 2 Virtual Desktop Infrastructure, Virtualbox | 2025-04-09 | 7.5 HIGH | N/A |
| The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server. | |||||