Total
4064 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3504 | 1 Mpfm | 1 Mask Php File Manager | 2025-04-09 | N/A |
| Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies." | ||||
| CVE-2006-6783 | 1 Logahead | 1 Logahead Unu | 2025-04-09 | N/A |
| logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3503 | 1 Webgui | 1 Plain Black Webgui | 2025-04-09 | N/A |
| RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | ||||
| CVE-2007-4043 | 1 Securecomputing | 1 Securityreporter | 2025-04-09 | 9.8 Critical |
| file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. | ||||
| CVE-2008-3407 | 1 Phplinkat | 1 Phplinkat | 2025-04-09 | N/A |
| phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie. | ||||
| CVE-2008-3375 | 1 Jamroom | 1 Jamroom | 2025-04-09 | N/A |
| The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | ||||
| CVE-2008-3411 | 1 Axesstel | 1 Akw-d800 | 2025-04-09 | N/A |
| The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests. | ||||
| CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2025-04-09 | N/A |
| The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | ||||
| CVE-2009-0128 | 1 Llnl | 1 Slurm | 2025-04-09 | N/A |
| plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2009-0049 | 1 Eid | 1 Eidlib | 2025-04-09 | N/A |
| Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2008-2920 | 1 Ezcms | 1 Eztechhelp Ezcms | 2025-04-09 | N/A |
| admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files. | ||||
| CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2025-04-09 | N/A |
| The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | ||||
| CVE-2009-1580 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-09 | N/A |
| Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | ||||
| CVE-2008-2879 | 1 Benjacms | 1 Benja Cms | 2025-04-09 | N/A |
| Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu. | ||||
| CVE-2008-3203 | 1 Auracms | 1 Auracms | 2025-04-09 | N/A |
| js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. | ||||
| CVE-2009-4151 | 1 Bestpractical | 1 Rt | 2025-04-09 | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. | ||||
| CVE-2008-1904 | 1 Cicoandcico | 1 Ccmail | 2025-04-09 | N/A |
| Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie. | ||||
| CVE-2009-0892 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | ||||
| CVE-2008-6858 | 1 Xigla | 1 Absolute Banner Manager.net | 2025-04-09 | N/A |
| Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | ||||