Total
3930 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3158 | 1 Carsten Wulff | 1 Simplephpweb | 2025-04-09 | 7.5 HIGH | N/A |
| admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5042 | 1 Zeeways | 1 Photovideotube | 2025-04-09 | 7.5 HIGH | N/A |
| Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php. | |||||
| CVE-2008-1269 | 1 Alice | 1 Gate2 Plus Wi-fi | 2025-04-09 | 7.1 HIGH | N/A |
| cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | |||||
| CVE-2009-4447 | 1 Jax Scripts | 1 Jax Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php. | |||||
| CVE-2009-2085 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A |
| The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). | |||||
| CVE-2008-7028 | 1 Aves | 1 Rpg Board | 2025-04-09 | 7.5 HIGH | N/A |
| RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value. | |||||
| CVE-2008-5945 | 1 Nukevietcms | 1 Nukeviet | 2025-04-09 | 7.5 HIGH | N/A |
| Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1587 | 1 Kalptarudemos | 1 Php Site Lock | 2025-04-09 | 7.5 HIGH | N/A |
| index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. | |||||
| CVE-2007-6234 | 1 Ftp Admin | 1 Ftp Admin | 2025-04-09 | 10.0 HIGH | N/A |
| index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account. | |||||
| CVE-2008-2879 | 1 Benjacms | 1 Benja Cms | 2025-04-09 | 6.4 MEDIUM | N/A |
| Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu. | |||||
| CVE-2008-0391 | 1 Alilg | 1 Alitalk | 2025-04-09 | 7.5 HIGH | N/A |
| inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | |||||
| CVE-2009-1122 | 1 Microsoft | 2 Internet Information Services, Windows 2000 | 2025-04-09 | 7.5 HIGH | N/A |
| The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. | |||||
| CVE-2008-3428 | 1 Phpfreechat | 1 Phpfreechat | 2025-04-09 | 6.5 MEDIUM | N/A |
| Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | |||||
| CVE-2007-4364 | 1 Fedoraproject | 1 Commons | 2025-04-09 | 8.5 HIGH | N/A |
| Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector. | |||||
| CVE-2009-0047 | 1 Gale | 1 Gale | 2025-04-09 | 5.0 MEDIUM | N/A |
| Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-1238 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. | |||||
| CVE-2008-5124 | 1 Jscape | 1 Secure Ftp Applet | 2025-04-09 | 7.5 HIGH | N/A |
| JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks. | |||||
| CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2025-04-09 | 7.5 HIGH | N/A |
| The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | |||||
| CVE-2008-1904 | 1 Cicoandcico | 1 Ccmail | 2025-04-09 | 7.5 HIGH | N/A |
| Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie. | |||||