Export limit exceeded: 12460 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12460 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6984 1 Parallels 1 Plesk 2026-04-23 N/A
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
CVE-2009-3441 1 Alienvault 1 Ossim 2026-04-23 N/A
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.
CVE-2009-3585 1 Bestpractical 1 Rt 2026-04-23 N/A
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.
CVE-2008-5575 1 Proclanmanager 1 Pro Clan Manager 2026-04-23 N/A
Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-3320 1 Maian 1 Guestbook 2026-04-23 N/A
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
CVE-2008-6738 1 Mark Girling 1 Myshoutpro 2026-04-23 N/A
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
CVE-2008-3203 1 Auracms 1 Auracms 2026-04-23 N/A
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
CVE-2008-6739 1 Toddwoolums 1 Asp Download 2026-04-23 N/A
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
CVE-2008-6743 1 Shock-therapy 1 Rsmscript 2026-04-23 N/A
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
CVE-2008-6581 1 Phpaddedit 1 Phpaddedit 2026-04-23 N/A
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.
CVE-2009-3232 1 Canonical 1 Ubuntu Linux 2026-04-23 N/A
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
CVE-2008-1949 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2026-04-23 N/A
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
CVE-2009-2257 1 Netgear 1 Dg632 2026-04-23 N/A
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
CVE-2008-5042 1 Zeeways 1 Photovideotube 2026-04-23 N/A
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
CVE-2008-1244 1 Belkin 1 F5d7230-4 2026-04-23 N/A
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.
CVE-2008-2833 1 Worldlevel 1 Le.cms 2026-04-23 N/A
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
CVE-2009-0125 1 Finkproject 1 Libnasl 2026-04-23 N/A
NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification.
CVE-2008-0150 1 Aruba Networks 1 Aruba Mobility Controllers 2026-04-23 N/A
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.
CVE-2007-6385 1 Kerio 1 Winroute Firewall 2026-04-23 N/A
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2008-4515 1 Blue Coat Systems 1 K9 Web Protection 2026-04-23 N/A
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.