Search Results (4518 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6719 1 Uochm 1 Justlistit 2026-04-23 N/A
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
CVE-2009-2328 1 Max Kervin 1 Kervinet Forum 2026-04-23 N/A
admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.
CVE-2008-7179 1 Otmanager 1 Otmanager Cms 2026-04-23 N/A
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
CVE-2007-5791 1 Vonage 1 Motorola Phone Adapter Vt2142-vd 2026-04-23 N/A
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
CVE-2009-0906 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.
CVE-2008-0476 1 Manageengine 1 Applications Manager 2026-04-23 N/A
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5708 1 Slimcms 1 Slimcms 2026-04-23 N/A
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
CVE-2009-4095 1 Companionway 1 Myphile 2026-04-23 N/A
myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
CVE-2009-1122 1 Microsoft 2 Internet Information Services, Windows 2000 2026-04-23 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
CVE-2009-4089 1 Telepark 1 Telepark.wiki 2026-04-23 N/A
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
CVE-2009-2863 1 Cisco 1 Ios 2026-04-23 N/A
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
CVE-2007-5383 2 Alcatel, Bt 2 Speedtouch 7g Router, Home Hub 2026-04-23 N/A
The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.
CVE-2008-5125 1 Castillocentral 1 Ccleague 2026-04-23 N/A
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
CVE-2008-4649 1 Elxis 1 Elxis Cms 2026-04-23 N/A
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2009-3107 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
CVE-2007-6398 1 Flat Php 1 Board 2026-04-23 N/A
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.
CVE-2008-6569 1 Cybozu 1 Garoon 2026-04-23 N/A
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.
CVE-2007-5770 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
CVE-2008-2347 1 Mypicgallery 1 Mypicgallery 2026-04-23 N/A
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
CVE-2009-4232 2 Jonijnm, Joomla 2 Com Kide, Joomla\! 2026-04-23 N/A
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.