| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. |
| Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
| Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service. |
| Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. |
| mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors. |
| Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin. |
| NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager. |
| OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. |
| Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. |
| Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie. |
| S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. |
| HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. |
| Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. |
| Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. |
| Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
