| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. |
| AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. |
| Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. |
| AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php. |
| Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
| AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. |
| Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin." |
| login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. |
| report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112. |
| Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. |
| login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username. |
| Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." |
| Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. |
| Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability. |
| Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. |
| U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php. |
| Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. |
| A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. |