Search Results (11727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4146 1 Addalink 1 Addalink 2026-04-23 N/A
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
CVE-2008-3203 1 Auracms 1 Auracms 2026-04-23 N/A
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
CVE-2008-5686 1 Ibm 1 Tivoli Provisioning Manager 2026-04-23 N/A
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
CVE-2008-1259 1 Zyxel 1 P-2602hw-d1a 2026-04-23 N/A
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.
CVE-2008-4223 1 Apple 1 Mac Os X Server 2026-04-23 N/A
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
CVE-2009-2065 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2009-2067 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2007-4419 1 Olate 1 Olatedownload 2026-04-23 N/A
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
CVE-2008-3905 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
CVE-2008-5575 1 Proclanmanager 1 Pro Clan Manager 2026-04-23 N/A
Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-5158 1 Clientsoftware 1 Wincome Mpd Total 2026-04-23 N/A
Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."
CVE-2008-5880 1 Gobbl 1 Gobbl Cms 2026-04-23 N/A
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
CVE-2008-5124 1 Jscape 1 Secure Ftp Applet 2026-04-23 N/A
JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.
CVE-2008-5125 1 Castillocentral 1 Ccleague 2026-04-23 N/A
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
CVE-2008-3299 1 Esyndicat 1 Esyndicat 2026-04-23 N/A
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5042 1 Zeeways 1 Photovideotube 2026-04-23 N/A
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
CVE-2008-5065 1 Easy-script 1 Tlguesbook 2026-04-23 N/A
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
CVE-2009-1617 1 Teraway 1 Linktracker 2026-04-23 N/A
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-3966 1 Arcadetradescript 1 Arcade Trade Script 2026-04-23 N/A
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
CVE-2008-4784 1 Aflog 1 Aflog 2026-04-23 N/A
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.