Search Results (4210 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0377 1 News 1 Micronews 2025-04-09 N/A
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
CVE-2006-6997 1 Mailenable 2 Mailenable Enterprise, Mailenable Standard 2025-04-09 N/A
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.
CVE-2008-4081 1 Stash 1 Stash 2025-04-09 N/A
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
CVE-2007-1480 1 Creative Guestbook 1 Creative Guestbook 2025-04-09 N/A
Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.
CVE-2007-1859 2 Redhat, Xscreensaver 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more 2025-04-09 N/A
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
CVE-2007-1949 1 Webblizzard 1 Content Management System 2025-04-09 N/A
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1951 1 Onelook 1 Oboshop 2025-04-09 N/A
Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1952 1 Onelook 1 Onebyone Cms 2025-04-09 N/A
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1953 1 Onelook 1 Courts Online 2025-04-09 N/A
Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1966 1 Exv2 1 Content Management System 2025-04-09 9.1 Critical
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
CVE-2007-6130 1 Gnu 1 Gnump3d 2025-04-09 N/A
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
CVE-2007-6145 1 Hitachi 1 Jp1 File Transmission Server 2025-04-09 N/A
Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors.
CVE-2007-6226 1 Apc 2 Oas, Switched Rack Pdu Firmware 2025-04-09 N/A
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.
CVE-2007-6234 1 Ftp Admin 1 Ftp Admin 2025-04-09 N/A
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
CVE-2009-4584 1 Dbmasters 1 Db Masters Multimedia Links Directory 2025-04-09 N/A
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie.
CVE-2009-4089 1 Telepark 1 Telepark.wiki 2025-04-09 N/A
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
CVE-2009-4128 1 Gnu 1 Grub 2 2025-04-09 N/A
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
CVE-2009-4151 1 Bestpractical 1 Rt 2025-04-09 N/A
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585.
CVE-2008-5945 1 Nukevietcms 1 Nukeviet 2025-04-09 N/A
Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5964 1 Impresscms 1 Impresscms 2025-04-09 N/A
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.