Total
4106 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1549 | 1 Agtc | 1 Agtc Myshop | 2025-04-09 | N/A |
| AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto." | ||||
| CVE-2008-5082 | 1 Redhat | 2 Dogtag Certificate System, Certificate System | 2025-04-09 | N/A |
| The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. | ||||
| CVE-2007-5714 | 1 Gentoo | 1 Mldonkey Ebuild | 2025-04-09 | N/A |
| The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | ||||
| CVE-2008-3292 | 1 Ezwebalbum | 1 Ezwebalbum | 2025-04-09 | N/A |
| constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | ||||
| CVE-2008-0640 | 1 Symantec | 1 Ghost Solutions Suite | 2025-04-09 | N/A |
| Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | ||||
| CVE-2009-1489 | 1 Rens Rikkerink | 1 Fungamez | 2025-04-09 | N/A |
| includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter. | ||||
| CVE-2008-3466 | 1 Microsoft | 3 Host Integration Server 2000, Host Integration Server 2004, Host Integration Server 2006 | 2025-04-09 | N/A |
| Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." | ||||
| CVE-2008-6445 | 1 Yourplace | 1 Yourplace | 2025-04-09 | N/A |
| Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6783 | 1 Logahead | 1 Logahead Unu | 2025-04-09 | N/A |
| logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2277 | 1 Plogger | 1 Plogger | 2025-04-09 | N/A |
| Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2009-0906 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. | ||||
| CVE-2009-0892 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | ||||
| CVE-2009-0864 | 1 Matteoiammarrone | 1 S-cms | 2025-04-09 | N/A |
| S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | ||||
| CVE-2007-1160 | 1 Webspell | 1 Webspell | 2025-04-09 | N/A |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | ||||
| CVE-2008-6039 | 1 Bluepage | 1 Bluepage Cms | 2025-04-09 | N/A |
| Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2009-0669 | 1 Zope | 1 Zodb | 2025-04-09 | N/A |
| Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. | ||||
| CVE-2009-4151 | 1 Bestpractical | 1 Rt | 2025-04-09 | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. | ||||
| CVE-2009-1595 | 1 Igniterealtime | 1 Openfire | 2025-04-09 | N/A |
| The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. | ||||
| CVE-2009-0655 | 1 Lenovo | 1 Veriface | 2025-04-09 | N/A |
| Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. | ||||
| CVE-2008-6723 | 1 Turnkeyforms | 1 Entertainment Portal | 2025-04-09 | N/A |
| TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator. | ||||