Search Results (12829 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4244 1 Sql-ledger 1 Sql-ledger 2026-04-16 N/A
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
CVE-2005-1957 1 Adam Mmedici 1 File Upload Manager 2026-04-16 N/A
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.
CVE-2002-2397 1 Symantec 1 Sygate Personal Firewall 2026-04-16 N/A
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
CVE-2004-2736 1 Polar Software 1 Helpdesk 2026-04-16 N/A
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
CVE-2006-0374 1 Advantage Century Telecommunication 1 P202s 2026-04-16 N/A
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513).
CVE-2003-1433 1 Epic Games 1 Unreal Engine 2026-04-16 N/A
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.
CVE-2006-0416 1 Sleeperchat 1 Sleeperchat 2026-04-16 N/A
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php.
CVE-2001-0781 1 Pi-soft 1 Spoonftp 2026-04-16 N/A
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST.
CVE-2002-0507 2 Microsoft, Rsa 2 Exchange Server, Securid 2026-04-16 N/A
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
CVE-2005-1020 1 Cisco 1 Ios 2026-04-16 N/A
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
CVE-2002-0563 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-04-16 N/A
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
CVE-2001-0537 1 Cisco 1 Ios 2026-04-16 N/A
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
CVE-2006-2224 2 Quagga, Redhat 2 Quagga Routing Software Suite, Enterprise Linux 2026-04-16 N/A
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
CVE-2004-2182 1 Macromedia 1 Jrun 2026-04-16 N/A
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
CVE-2001-1515 1 Microsoft 1 Windows 2000 2026-04-16 7.5 High
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
CVE-2002-2323 1 Sun 1 Solaris Pc Netlink 2026-04-16 7.5 High
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
CVE-2001-0195 1 Debian 1 Debian Linux 2026-04-16 7.8 High
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
CVE-2006-1228 1 Drupal 1 Drupal 2026-04-16 N/A
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.
CVE-2006-2113 2 Dell, Fuji Xerox 19 3000cn, 3010cn, 3100cn and 16 more 2026-04-16 N/A
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.
CVE-2003-1489 1 Truegalerie 1 Truegalerie 2026-04-16 N/A
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.