Total: 3930 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2920 | 1 Ezcms | 1 Eztechhelp Ezcms | 2025-04-09 | 7.5 HIGH | N/A |
| admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files. | |||||
| CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | |||||
| CVE-2008-3814 | 1 Cisco | 1 Unity | 2025-04-09 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. | |||||
| CVE-2009-1638 | 1 T-dreams | 1 Job Career Package | 2025-04-09 | 7.5 HIGH | N/A |
| Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. | |||||
| CVE-2009-2058 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||
| CVE-2003-1574 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2025-04-09 | 7.5 HIGH | N/A |
| TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0640 | 1 Symantec | 1 Ghost Solutions Suite | 2025-04-09 | 10.0 HIGH | N/A |
| Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | |||||
| CVE-2008-4679 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. | |||||
| CVE-2003-1570 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 3.5 LOW | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." | |||||
| CVE-2009-4151 | 1 Bestpractical | 1 Rt | 2025-04-09 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. | |||||
| CVE-2007-6601 | 3 Debian, Fedoraproject, Postgresql | 3 Debian Linux, Fedora, Postgresql | 2025-04-09 | 7.2 HIGH | N/A |
| The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. | |||||
| CVE-2006-5268 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface." | |||||
| CVE-2008-3703 | 1 Symantec | 1 Veritas Storage Foundation | 2025-04-09 | 10.0 HIGH | N/A |
| The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. | |||||
| CVE-2007-6006 | 1 Testlink | 1 Testlink | 2025-04-09 | 10.0 HIGH | N/A |
| TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | |||||
| CVE-2009-0280 | 1 Asp-project | 1 Asp-project | 2025-04-09 | 7.5 HIGH | N/A |
| Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | |||||
| CVE-2007-5008 | 1 Hp | 1 Hp-ux | 2025-04-09 | 9.0 HIGH | N/A |
| The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected. | |||||
| CVE-2008-5125 | 1 Castillocentral | 1 Ccleague | 2025-04-09 | 6.8 MEDIUM | N/A |
| admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | |||||
| CVE-2007-1062 | 1 Cisco | 4 Unified Ip Conference Station 7935, Unified Ip Conference Station 7935 Firmware, Unified Ip Conference Station 7936 and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier, do not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time. | |||||
| CVE-2009-1050 | 1 Kamads | 1 Bloginator | 2025-04-09 | 7.5 HIGH | N/A |
| Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. | |||||
| CVE-2008-4649 | 1 Elxis | 1 Elxis Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
