Total
4277 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1971 | 1 Phphq | 1 Phshoutbox Final | 2025-04-09 | N/A |
| phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php. | ||||
| CVE-2007-4692 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2025-04-09 | N/A |
| The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | ||||
| CVE-2008-1244 | 1 Belkin | 1 F5d7230-4 | 2025-04-09 | N/A |
| cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. | ||||
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2025-04-09 | N/A |
| The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0046 | 1 Sun | 1 Grid Engine | 2025-04-09 | N/A |
| Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2009-0653 | 1 Openssl | 1 Openssl | 2025-04-09 | N/A |
| OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | ||||
| CVE-2007-4632 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. | ||||
| CVE-2009-1050 | 1 Kamads | 1 Bloginator | 2025-04-09 | N/A |
| Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. | ||||
| CVE-2009-0492 | 1 Simpleircbot | 1 Simpleircbot | 2025-04-09 | N/A |
| Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability." | ||||
| CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | ||||
| CVE-2008-7124 | 1 Zkup | 1 Zkup | 2025-04-09 | N/A |
| zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator. | ||||
| CVE-2009-1638 | 1 T-dreams | 1 Job Career Package | 2025-04-09 | N/A |
| Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. | ||||
| CVE-2009-1670 | 1 Tcpdb | 1 Tcpdb | 2025-04-09 | N/A |
| user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-7086 | 1 Maianscriptworld | 1 Maian Greetings | 2025-04-09 | N/A |
| Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | ||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2025-04-09 | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | ||||
| CVE-2008-7046 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | N/A |
| AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7047 | 1 Natterchat | 1 Natterchat | 2025-04-09 | N/A |
| NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp. | ||||
| CVE-2008-3264 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2025-04-09 | N/A |
| The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. | ||||
| CVE-2008-7045 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | N/A |
| AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. | ||||
| CVE-2007-3597 | 1 Zen Cart | 1 Zen Cart | 2025-04-09 | N/A |
| Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | ||||