Search Results (4210 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0864 1 Matteoiammarrone 1 S-cms 2025-04-09 N/A
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
CVE-2009-0891 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
CVE-2009-0892 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
CVE-2009-0906 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.
CVE-2009-1050 1 Kamads 1 Bloginator 2025-04-09 N/A
Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
CVE-2009-1384 2 Eyrie, Redhat 2 Pam-krb5, Enterprise Linux 2025-04-09 N/A
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2009-1390 3 Gnu, Mutt, Openssl 3 Gnutls, Mutt, Openssl 2025-04-09 N/A
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
CVE-2009-1489 1 Rens Rikkerink 1 Fungamez 2025-04-09 N/A
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
CVE-2009-1504 1 Xigla 1 Absolute Control Panel Xe 2025-04-09 N/A
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."
CVE-2009-1535 1 Microsoft 3 Internet Information Services, Windows Server 2003, Windows Xp 2025-04-09 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2009-1580 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2025-04-09 N/A
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
CVE-2009-1587 1 Kalptarudemos 1 Php Site Lock 2025-04-09 N/A
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2009-1595 1 Igniterealtime 1 Openfire 2025-04-09 N/A
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
CVE-2009-1596 1 Igniterealtime 1 Openfire 2025-04-09 6.5 Medium
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
CVE-2009-1617 1 Teraway 1 Linktracker 2025-04-09 N/A
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-1618 1 Teraway 1 Livehelp 2025-04-09 N/A
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1619 1 Teraway 1 Filestream 2025-04-09 N/A
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2009-0021 2 Ntp, Redhat 2 Ntp, Enterprise Linux 2025-04-09 N/A
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2009-0030 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2025-04-09 N/A
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
CVE-2009-0046 1 Sun 1 Grid Engine 2025-04-09 N/A
Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.