Total
4197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2025-04-09 | N/A |
| Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | ||||
| CVE-2008-6714 | 1 Xecms Project | 1 Xecms | 2025-04-09 | N/A |
| admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie. | ||||
| CVE-2008-3322 | 1 Maian | 1 Recipe | 2025-04-09 | N/A |
| admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | ||||
| CVE-2008-3321 | 1 Maian Script World | 1 Maian Uploader | 2025-04-09 | N/A |
| admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | ||||
| CVE-2008-3319 | 1 Maian | 1 Links | 2025-04-09 | N/A |
| admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. | ||||
| CVE-2008-3320 | 1 Maian | 1 Guestbook | 2025-04-09 | N/A |
| admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. | ||||
| CVE-2007-4419 | 1 Olate | 1 Olatedownload | 2025-04-09 | N/A |
| Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. | ||||
| CVE-2008-3203 | 1 Auracms | 1 Auracms | 2025-04-09 | N/A |
| js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. | ||||
| CVE-2009-0853 | 1 Stewart Howe | 1 Celerbb | 2025-04-09 | N/A |
| login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. | ||||
| CVE-2007-2277 | 1 Plogger | 1 Plogger | 2025-04-09 | N/A |
| Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2009-1504 | 1 Xigla | 1 Absolute Control Panel Xe | 2025-04-09 | N/A |
| Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1." | ||||
| CVE-2008-2879 | 1 Benjacms | 1 Benja Cms | 2025-04-09 | N/A |
| Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu. | ||||
| CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | ||||
| CVE-2008-6307 | 1 E-topbiz | 1 Link Back Checker | 2025-04-09 | N/A |
| E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin." | ||||
| CVE-2009-1754 | 1 Google | 1 Android | 2025-04-09 | N/A |
| The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | ||||
| CVE-2009-2422 | 2 Apple, Rubyonrails | 3 Mac Os X, Mac Os X Server, Ruby On Rails | 2025-04-09 | 9.8 Critical |
| The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. | ||||
| CVE-2009-2159 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | N/A |
| backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/. | ||||
| CVE-2008-6804 | 1 Tribiq | 1 Tribiq Cms | 2025-04-09 | N/A |
| Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue | ||||
| CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2025-04-09 | N/A |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | ||||
| CVE-2008-2730 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | N/A |
| The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | ||||