Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3261 | 1 Livestreet | 1 Livestreet | 2025-04-09 | 7.5 HIGH | N/A |
| update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors. | |||||
| CVE-2008-7046 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | 6.4 MEDIUM | N/A |
| AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6783 | 1 Logahead | 1 Logahead Unu | 2025-04-09 | 7.5 HIGH | N/A |
| logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3862 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
| The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | |||||
| CVE-2009-1836 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||
| CVE-2009-0461 | 1 Wholehogsoftware | 1 Password Protect | 2025-04-09 | 7.5 HIGH | N/A |
| Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||||
| CVE-2008-1244 | 1 Belkin | 1 F5d7230-4 | 2025-04-09 | 10.0 HIGH | N/A |
| cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. | |||||
| CVE-2007-6714 | 1 Dbmail | 1 Dbmail | 2025-04-09 | 6.8 MEDIUM | N/A |
| DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication. | |||||
| CVE-2009-1825 | 1 Collector | 1 Mycolex | 2025-04-09 | 4.0 MEDIUM | N/A |
| modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | |||||
| CVE-2008-6307 | 1 E-topbiz | 1 Link Back Checker | 2025-04-09 | 7.5 HIGH | N/A |
| E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin." | |||||
| CVE-2008-1154 | 1 Cisco | 4 Emergency Responder, Mobility Manager, Unified Communications Manager and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-3966 | 1 Arcadetradescript | 1 Arcade Trade Script | 2025-04-09 | 7.5 HIGH | N/A |
| Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true. | |||||
| CVE-2008-4032 | 1 Microsoft | 2 Office Sharepoint Server, Search Server | 2025-04-09 | 7.5 HIGH | N/A |
| Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." | |||||
| CVE-2008-6719 | 1 Uochm | 1 Justlistit | 2025-04-09 | 7.5 HIGH | N/A |
| U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php. | |||||
| CVE-2009-2066 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | |||||
| CVE-2008-3320 | 1 Maian | 1 Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. | |||||
| CVE-2009-0126 | 1 Berkeley | 1 Boinc Client | 2025-04-09 | 5.0 MEDIUM | N/A |
| The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-3322 | 1 Maian | 1 Recipe | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | |||||
| CVE-2009-0653 | 1 Openssl | 1 Openssl | 2025-04-09 | 7.5 HIGH | N/A |
| OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | |||||
| CVE-2008-6716 | 1 Preprojects | 1 Pre Ads Portal | 2025-04-09 | 7.5 HIGH | N/A |
| homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request. | |||||