Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1664 | 1 Easy-scripts | 1 Answer And Question Script | 2025-04-09 | 7.5 HIGH | N/A |
| myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters. | |||||
| CVE-2007-2277 | 1 Plogger | 1 Plogger | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2008-3738 | 1 Spacetag | 1 Lacoodast | 2025-04-09 | 6.8 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2009-0030 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-09 | 6.5 MEDIUM | N/A |
| A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663. | |||||
| CVE-2007-3177 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | |||||
| CVE-2008-3866 | 1 Trend Micro | 3 Internet Security 2007, Internet Security 2008, Officescan | 2025-04-09 | 4.6 MEDIUM | N/A |
| The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. | |||||
| CVE-2008-5880 | 1 Gobbl | 1 Gobbl Cms | 2025-04-09 | 7.5 HIGH | N/A |
| admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | |||||
| CVE-2008-3610 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.6 HIGH | N/A |
| Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | |||||
| CVE-2007-4680 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2007-5578 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2025-04-09 | 7.5 HIGH | N/A |
| Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors. | |||||
| CVE-2008-6856 | 1 Xigla | 1 Absolute News Manager.net | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6815 | 1 Myktools | 1 Myktools | 2025-04-09 | 5.0 MEDIUM | N/A |
| mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup. | |||||
| CVE-2009-1618 | 1 Teraway | 1 Livehelp | 2025-04-09 | 7.5 HIGH | N/A |
| Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie. | |||||
| CVE-2008-7045 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | 6.4 MEDIUM | N/A |
| AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. | |||||
| CVE-2008-3203 | 1 Auracms | 1 Auracms | 2025-04-09 | 7.5 HIGH | N/A |
| js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. | |||||
| CVE-2009-3027 | 1 Symantec | 23 Backup Exec Continuous Protection Server, Veritas Application Director, Veritas Backup Exec and 20 more | 2025-04-09 | 10.0 HIGH | N/A |
| VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300. | |||||
| CVE-2008-7019 | 1 Esqlanelapse | 1 Esqlanelapse | 2025-04-09 | 7.5 HIGH | N/A |
| Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies. | |||||
| CVE-2009-2697 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | |||||
| CVE-2009-2231 | 1 Mid.as | 1 Midas | 2025-04-09 | 7.5 HIGH | N/A |
| MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. | |||||
| CVE-2007-6237 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 9.0 HIGH | N/A |
| cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php. | |||||