Search Results (4210 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3966 1 Arcadetradescript 1 Arcade Trade Script 2025-04-09 N/A
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
CVE-2009-4584 1 Dbmasters 1 Db Masters Multimedia Links Directory 2025-04-09 N/A
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie.
CVE-2007-4438 1 Ampache 1 Ampache 2025-04-09 N/A
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2007-3754 1 Apple 2 Iphone, Iphone Os 2025-04-09 N/A
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
CVE-2008-0377 1 News 1 Micronews 2025-04-09 N/A
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
CVE-2007-0435 1 T-com 2 Speedport 500v, Speedport 500v Firmware 2025-04-09 N/A
T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
CVE-2007-1062 1 Cisco 4 Unified Ip Conference Station 7935, Unified Ip Conference Station 7935 Firmware, Unified Ip Conference Station 7936 and 1 more 2025-04-09 N/A
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
CVE-2007-1228 2 Ibm, Unix 2 Db2, Unix 2025-04-09 N/A
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
CVE-2007-1160 1 Webspell 1 Webspell 2025-04-09 N/A
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
CVE-2008-4081 1 Stash 1 Stash 2025-04-09 N/A
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
CVE-2007-1480 1 Creative Guestbook 1 Creative Guestbook 2025-04-09 N/A
Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.
CVE-2007-1859 2 Redhat, Xscreensaver 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more 2025-04-09 N/A
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
CVE-2007-1949 1 Webblizzard 1 Content Management System 2025-04-09 N/A
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1951 1 Onelook 1 Oboshop 2025-04-09 N/A
Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1952 1 Onelook 1 Onebyone Cms 2025-04-09 N/A
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1953 1 Onelook 1 Courts Online 2025-04-09 N/A
Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1966 1 Exv2 1 Content Management System 2025-04-09 9.1 Critical
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
CVE-2007-2243 1 Openbsd 1 Openssh 2025-04-09 N/A
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
CVE-2007-2277 1 Plogger 1 Plogger 2025-04-09 N/A
Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-2546 1 Simple Machines 1 Simple Machines Forum 2025-04-09 N/A
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.