Total
4065 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0492 | 1 Simpleircbot | 1 Simpleircbot | 2025-04-09 | N/A |
| Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability." | ||||
| CVE-2008-7124 | 1 Zkup | 1 Zkup | 2025-04-09 | N/A |
| zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator. | ||||
| CVE-2008-0391 | 1 Alilg | 1 Alitalk | 2025-04-09 | N/A |
| inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | ||||
| CVE-2009-2064 | 1 Microsoft | 2 Internet Explorer, Pocket Ie | 2025-04-09 | N/A |
| Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | ||||
| CVE-2008-4784 | 1 Aflog | 1 Aflog | 2025-04-09 | N/A |
| aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | ||||
| CVE-2008-7086 | 1 Maianscriptworld | 1 Maian Greetings | 2025-04-09 | N/A |
| Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | ||||
| CVE-2009-2062 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | ||||
| CVE-2008-7046 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | N/A |
| AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7047 | 1 Natterchat | 1 Natterchat | 2025-04-09 | N/A |
| NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp. | ||||
| CVE-2009-2058 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||||
| CVE-2008-7045 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | N/A |
| AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. | ||||
| CVE-2008-3292 | 1 Ezwebalbum | 1 Ezwebalbum | 2025-04-09 | N/A |
| constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | ||||
| CVE-2008-7028 | 1 Aves | 1 Rpg Board | 2025-04-09 | N/A |
| RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value. | ||||
| CVE-2009-0049 | 1 Eid | 1 Eidlib | 2025-04-09 | N/A |
| Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2009-2057 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||||
| CVE-2009-0653 | 1 Openssl | 1 Openssl | 2025-04-09 | N/A |
| OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | ||||
| CVE-2008-6919 | 1 Taskdriver | 1 Taskdriver | 2025-04-09 | N/A |
| profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." | ||||
| CVE-2008-6864 | 1 Xigla | 1 Absolute Live Support .net | 2025-04-09 | N/A |
| Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2025-04-09 | N/A |
| Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2008-4037 | 1 Microsoft | 4 Windows, Windows 2000, Windows Server 2008 and 1 more | 2025-04-09 | N/A |
| Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. | ||||