Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
| CVE-2007-1160 | 1 Webspell | 1 Webspell | 2025-04-09 | 10.0 HIGH | N/A |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | |||||
| CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | |||||
| CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6739 | 1 Toddwoolums | 1 Asp Download | 2025-04-09 | 7.5 HIGH | N/A |
| Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. | |||||
| CVE-2008-6947 | 1 Collabtive | 1 Collabtive | 2025-04-09 | 7.5 HIGH | N/A |
| Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php. | |||||
| CVE-2009-0614 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. | |||||
| CVE-2009-0048 | 1 Openevidence | 1 Openevidence | 2025-04-09 | 5.0 MEDIUM | N/A |
| OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0492 | 1 Simpleircbot | 1 Simpleircbot | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability." | |||||
| CVE-2009-0360 | 1 Eyrie | 1 Pam-krb5 | 2025-04-09 | 6.2 MEDIUM | N/A |
| Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. | |||||
| CVE-2008-0408 | 1 Hfs | 1 Http File Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. | |||||
| CVE-2009-3585 | 1 Bestpractical | 1 Rt | 2025-04-09 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain. | |||||
| CVE-2009-2255 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
| Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/. | |||||
| CVE-2008-4614 | 1 Portalapp | 1 Portalapp | 2025-04-09 | 7.5 HIGH | N/A |
| PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies. | |||||
| CVE-2007-5113 | 1 Roi Revolution | 1 Urchin | 2025-04-09 | 5.0 MEDIUM | N/A |
| report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112. | |||||
| CVE-2024-45346 | 2025-04-08 | N/A | 8.8 HIGH | ||
| The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | |||||
| CVE-2025-25227 | 2025-04-08 | N/A | 7.5 HIGH | ||
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | |||||
| CVE-2023-34124 | 1 Sonicwall | 2 Analytics, Global Management System | 2025-04-08 | N/A | 9.8 CRITICAL |
| The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2022-25027 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-04-08 | N/A | 7.5 HIGH |
| The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked. | |||||
| CVE-2022-39184 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2025-04-08 | N/A | 9.8 CRITICAL |
| EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass. | |||||