Search Results (4210 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0129 1 Perl-openssl 1 Libcrypt-openssl-dsa-perl 2025-04-09 N/A
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0130 1 Erlang 1 Erlang 2025-04-09 7.5 High
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid.
CVE-2009-0138 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
CVE-2009-0460 1 Wholehogsoftware 1 Ware Support 2025-04-09 N/A
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2009-0461 1 Wholehogsoftware 1 Password Protect 2025-04-09 N/A
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2009-0492 1 Simpleircbot 1 Simpleircbot 2025-04-09 N/A
Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."
CVE-2009-0591 1 Openssl 1 Openssl 2025-04-09 N/A
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
CVE-2009-0655 1 Lenovo 1 Veriface 2025-04-09 N/A
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
CVE-2009-0614 1 Cisco 1 Unified Meetingplace Web Conferencing 2025-04-09 N/A
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
CVE-2009-0642 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2025-04-09 N/A
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
CVE-2009-0653 1 Openssl 1 Openssl 2025-04-09 N/A
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
CVE-2009-0662 1 Plone 2 Plone, Plonepas 2025-04-09 N/A
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
CVE-2009-0669 1 Zope 1 Zodb 2025-04-09 N/A
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
CVE-2009-0853 1 Stewart Howe 1 Celerbb 2025-04-09 N/A
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.
CVE-2009-0864 1 Matteoiammarrone 1 S-cms 2025-04-09 N/A
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
CVE-2009-0891 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
CVE-2009-0892 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
CVE-2009-0906 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.
CVE-2009-1050 1 Kamads 1 Bloginator 2025-04-09 N/A
Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
CVE-2009-1122 1 Microsoft 2 Internet Information Services, Windows 2000 2025-04-09 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.