Search Results (12755 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2233 1 Awscripts 1 Gallery Search Engine 2026-04-23 N/A
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
CVE-2009-0051 1 Zxid 1 Zxid 2026-04-23 N/A
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-2231 1 Mid.as 1 Midas 2026-04-23 N/A
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
CVE-2008-1868 1 Pixel Motion 1 Pixel Motion Blog 2026-04-23 N/A
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
CVE-2008-4689 1 Mantis 1 Mantis 2026-04-23 N/A
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
CVE-2008-6947 1 Collabtive 1 Collabtive 2026-04-23 N/A
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
CVE-2008-6939 1 Turnkeyforms 1 Web Hosting Directory 2026-04-23 N/A
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
CVE-2008-5686 1 Ibm 1 Tivoli Provisioning Manager 2026-04-23 N/A
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
CVE-2008-4167 1 Ezphotogallery 1 Ezphotogallery 2026-04-23 N/A
useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
CVE-2008-6916 2 John Doe, Siemens 2 Netport Software, Speedstream 5200 2026-04-23 N/A
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
CVE-2008-4146 1 Addalink 1 Addalink 2026-04-23 N/A
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
CVE-2008-5721 1 Sapporoworks 1 Blackjumbodog 2026-04-23 N/A
SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors.
CVE-2008-2282 1 Thomas Voecking 1 Internet Photoshow 2026-04-23 N/A
admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true.
CVE-2007-5085 1 Apache 1 Geronimo 2026-04-23 N/A
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
CVE-2007-5162 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
CVE-2007-6237 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php.
CVE-2008-6440 2 Cerberus, Webgroupmedia 2 Cerberus Helpdesk, Cerberus Helpdesk 2026-04-23 N/A
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
CVE-2008-6445 1 Yourplace 1 Yourplace 2026-04-23 N/A
Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information.
CVE-2008-6455 1 Edikon 1 Phpshop 2026-04-23 N/A
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6523 1 Cale Dunlap 1 Openinvoice 2026-04-23 N/A
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.