Total
4198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3261 | 1 Livestreet | 1 Livestreet | 2025-04-09 | N/A |
| update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors. | ||||
| CVE-2007-3050 | 1 Chameleon Cms | 1 Chameleon Cms | 2025-04-09 | N/A |
| Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2009-3158 | 1 Carsten Wulff | 1 Simplephpweb | 2025-04-09 | N/A |
| admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1130 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. | ||||
| CVE-2008-4622 | 1 Phpfastnews | 1 Phpfastnews | 2025-04-09 | N/A |
| The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. | ||||
| CVE-2007-6226 | 1 Apc | 2 Oas, Switched Rack Pdu Firmware | 2025-04-09 | N/A |
| The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. | ||||
| CVE-2007-5391 | 1 Hp | 1 Select Identity | 2025-04-09 | N/A |
| Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. | ||||
| CVE-2009-0125 | 1 Finkproject | 1 Libnasl | 2025-04-09 | N/A |
| NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification. | ||||
| CVE-2009-2863 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | ||||
| CVE-2009-0280 | 1 Asp-project | 1 Asp-project | 2025-04-09 | N/A |
| Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | ||||
| CVE-2009-2231 | 1 Mid.as | 1 Midas | 2025-04-09 | N/A |
| MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. | ||||
| CVE-2007-2277 | 1 Plogger | 1 Plogger | 2025-04-09 | N/A |
| Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-4722 | 1 Sun | 37 Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System and 34 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors. | ||||
| CVE-2009-1535 | 1 Microsoft | 3 Internet Information Services, Windows Server 2003, Windows Xp | 2025-04-09 | N/A |
| The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122. | ||||
| CVE-2007-4632 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. | ||||
| CVE-2008-1469 | 1 Gallarific | 1 Gallarific | 2025-04-09 | N/A |
| Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1528 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2025-04-09 | N/A |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys. | ||||
| CVE-2008-5692 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | N/A |
| Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | ||||
| CVE-2008-1971 | 1 Phphq | 1 Phshoutbox Final | 2025-04-09 | N/A |
| phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php. | ||||
| CVE-2009-1878 | 1 Adobe | 1 Coldfusion | 2025-04-09 | N/A |
| Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | ||||