Search Results (12460 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0642 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
CVE-2009-3027 1 Symantec 23 Backup Exec Continuous Protection Server, Veritas Application Director, Veritas Backup Exec and 20 more 2026-04-23 N/A
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
CVE-2002-2427 1 Goahead 1 Goahead Webserver 2026-04-23 N/A
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
CVE-2009-3261 1 Livestreet 1 Livestreet 2026-04-23 N/A
update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors.
CVE-2009-4409 1 Iij 1 Seil\/b1 2026-04-23 N/A
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.
CVE-2009-0591 1 Openssl 1 Openssl 2026-04-23 N/A
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
CVE-2009-0085 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2026-04-23 N/A
The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
CVE-2008-4721 1 Php Jabbers 1 Post Comment 2026-04-23 N/A
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
CVE-2008-6269 1 Joovili 1 Joovili 2026-04-23 N/A
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
CVE-2009-2003 1 Ascadnetworks 1 Password Protector Sd 2026-04-23 N/A
Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."
CVE-2008-0403 1 Belkin 1 F5d9230-4 2026-04-23 N/A
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
CVE-2008-6523 1 Cale Dunlap 1 Openinvoice 2026-04-23 N/A
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
CVE-2009-1754 1 Google 1 Android 2026-04-23 N/A
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.
CVE-2008-4081 1 Stash 1 Stash 2026-04-23 N/A
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
CVE-2008-6858 1 Xigla 1 Absolute Banner Manager.net 2026-04-23 N/A
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2009-0655 1 Lenovo 1 Veriface 2026-04-23 N/A
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
CVE-2008-1897 1 Asterisk 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more 2026-04-23 N/A
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
CVE-2007-5162 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
CVE-2008-1868 1 Pixel Motion 1 Pixel Motion Blog 2026-04-23 N/A
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
CVE-2008-7007 1 Phpversion 1 Php Vx Guestbook 2026-04-23 N/A
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.