Total
4277 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4708 | 1 Sylvain Pasquet | 1 Bbzl.php | 2025-04-09 | N/A |
| BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1. | ||||
| CVE-2008-6919 | 1 Taskdriver | 1 Taskdriver | 2025-04-09 | N/A |
| profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." | ||||
| CVE-2009-3657 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2025-04-09 | N/A |
| Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2008-4649 | 1 Elxis | 1 Elxis Cms | 2025-04-09 | N/A |
| Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-0391 | 1 Alilg | 1 Alitalk | 2025-04-09 | N/A |
| inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | ||||
| CVE-2008-4614 | 1 Portalapp | 1 Portalapp | 2025-04-09 | N/A |
| PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies. | ||||
| CVE-2009-4151 | 1 Bestpractical | 1 Rt | 2025-04-09 | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. | ||||
| CVE-2009-1390 | 3 Gnu, Mutt, Openssl | 3 Gnutls, Mutt, Openssl | 2025-04-09 | N/A |
| Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | ||||
| CVE-2008-6714 | 1 Xecms Project | 1 Xecms | 2025-04-09 | N/A |
| admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie. | ||||
| CVE-2008-5967 | 1 Phpicalendar | 1 Phpicalendar | 2025-04-09 | N/A |
| admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | ||||
| CVE-2008-4244 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2025-04-09 | N/A |
| Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1. | ||||
| CVE-2008-4223 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | N/A |
| Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | ||||
| CVE-2008-1949 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-09 | N/A |
| The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. | ||||
| CVE-2008-4167 | 1 Ezphotogallery | 1 Ezphotogallery | 2025-04-09 | N/A |
| useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account. | ||||
| CVE-2008-4146 | 1 Addalink | 1 Addalink | 2025-04-09 | N/A |
| Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. | ||||
| CVE-2008-0330 | 1 Radiator | 1 Radius Server | 2025-04-09 | N/A |
| Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. | ||||
| CVE-2008-4032 | 1 Microsoft | 2 Office Sharepoint Server, Search Server | 2025-04-09 | N/A |
| Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." | ||||
| CVE-2009-0892 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | ||||
| CVE-2008-4081 | 1 Stash | 1 Stash | 2025-04-09 | N/A |
| admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. | ||||
| CVE-2006-6997 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Standard | 2025-04-09 | N/A |
| Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792. | ||||