Export limit exceeded: 12498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12498 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1905 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | ||||
| CVE-2009-1878 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2009-1854 | 1 Cmsnx | 1 Million Dollar Text Links | 2026-04-23 | N/A |
| Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1. | ||||
| CVE-2009-1664 | 1 Easy-scripts | 1 Answer And Question Script | 2026-04-23 | N/A |
| myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters. | ||||
| CVE-2008-2269 | 1 Kevin Ludlow | 1 Austinsmoke Gastracker | 2026-04-23 | N/A |
| AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE. | ||||
| CVE-2008-0210 | 1 Uebimiau | 1 Webmail | 2026-04-23 | N/A |
| Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140. | ||||
| CVE-2008-1727 | 1 Myknowledgequest | 1 Knowledgequest | 2026-04-23 | N/A |
| KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. | ||||
| CVE-2008-1269 | 1 Alice | 1 Gate2 Plus Wi-fi | 2026-04-23 | N/A |
| cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | ||||
| CVE-2007-5374 | 1 Lightblog | 1 Lightblog | 2026-04-23 | N/A |
| cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | ||||
| CVE-2009-2382 | 1 Jay-jayx0r | 1 Phpmyblockchecker | 2026-04-23 | 9.8 Critical |
| admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. | ||||
| CVE-2007-3050 | 1 Chameleon Cms | 1 Chameleon Cms | 2026-04-23 | N/A |
| Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2009-2159 | 1 Torrenttrader | 1 Torrenttrader Classic | 2026-04-23 | N/A |
| backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/. | ||||
| CVE-2008-0391 | 1 Alilg | 1 Alitalk | 2026-04-23 | N/A |
| inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | ||||
| CVE-2009-0669 | 1 Zope | 1 Zodb | 2026-04-23 | N/A |
| Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. | ||||
| CVE-2009-0662 | 1 Plone | 2 Plone, Plonepas | 2026-04-23 | N/A |
| The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors. | ||||
| CVE-2009-0124 | 1 Arrl | 1 Tqsllib | 2026-04-23 | N/A |
| The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2008-6664 | 1 Yarck | 1 Sh-news | 2026-04-23 | N/A |
| action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values. | ||||
| CVE-2008-1327 | 1 Gallarific | 1 Gallarific | 2026-04-23 | N/A |
| Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1321 | 1 Asg-sentry | 1 Asg-sentry | 2026-04-23 | N/A |
| The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands. | ||||
| CVE-2009-3421 | 1 Zenas | 1 Pao-bacheca Guestbook | 2026-04-23 | 9.8 Critical |
| login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | ||||