Search Results (4210 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0049 1 Eid 1 Eidlib 2025-04-09 N/A
Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2009-0051 1 Zxid 1 Zxid 2025-04-09 N/A
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0085 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 N/A
The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
CVE-2009-0124 1 Arrl 1 Tqsllib 2025-04-09 N/A
The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0125 1 Finkproject 1 Libnasl 2025-04-09 N/A
NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification.
CVE-2009-0126 1 Berkeley 1 Boinc Client 2025-04-09 N/A
The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0127 1 Heikkitoivonen 1 M2crypto 2025-04-09 N/A
M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.
CVE-2009-0128 1 Llnl 1 Slurm 2025-04-09 N/A
plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0129 1 Perl-openssl 1 Libcrypt-openssl-dsa-perl 2025-04-09 N/A
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0130 1 Erlang 1 Erlang 2025-04-09 7.5 High
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid.
CVE-2009-0138 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
CVE-2009-0662 1 Plone 2 Plone, Plonepas 2025-04-09 N/A
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
CVE-2009-0669 1 Zope 1 Zodb 2025-04-09 N/A
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
CVE-2009-0853 1 Stewart Howe 1 Celerbb 2025-04-09 N/A
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.
CVE-2009-0864 1 Matteoiammarrone 1 S-cms 2025-04-09 N/A
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
CVE-2009-0891 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
CVE-2009-0892 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
CVE-2009-0906 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.
CVE-2009-1489 1 Rens Rikkerink 1 Fungamez 2025-04-09 N/A
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
CVE-2009-1504 1 Xigla 1 Absolute Control Panel Xe 2025-04-09 N/A
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."