Export limit exceeded: 12750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12750 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0256 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | ||||
| CVE-2008-6816 | 1 Eaton | 1 Network Shutdown Module | 2026-04-23 | N/A |
| Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | ||||
| CVE-2008-6763 | 1 Hypersilence | 1 Silentum Loginsys | 2026-04-23 | N/A |
| login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username. | ||||
| CVE-2003-1574 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-23 | N/A |
| TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0377 | 1 News | 1 Micronews | 2026-04-23 | N/A |
| MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. | ||||
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2026-04-23 | N/A |
| fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | ||||
| CVE-2008-0150 | 1 Aruba Networks | 1 Aruba Mobility Controllers | 2026-04-23 | N/A |
| Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access. | ||||
| CVE-2007-6601 | 4 Debian, Fedoraproject, Postgresql and 1 more | 5 Debian Linux, Fedora, Postgresql and 2 more | 2026-04-23 | N/A |
| The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. | ||||
| CVE-2009-3585 | 1 Bestpractical | 1 Rt | 2026-04-23 | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain. | ||||
| CVE-2008-6714 | 1 Xecms Project | 1 Xecms | 2026-04-23 | N/A |
| admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie. | ||||
| CVE-2009-2257 | 1 Netgear | 1 Dg632 | 2026-04-23 | N/A |
| The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | ||||
| CVE-2003-1570 | 1 Ibm | 1 Tivoli Storage Manager | 2026-04-23 | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." | ||||
| CVE-2009-1836 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||||
| CVE-2008-6664 | 1 Yarck | 1 Sh-news | 2026-04-23 | N/A |
| action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values. | ||||
| CVE-2008-0410 | 1 Hfs | 1 Http File Server | 2026-04-23 | N/A |
| HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. | ||||
| CVE-2008-6523 | 1 Cale Dunlap | 1 Openinvoice | 2026-04-23 | N/A |
| auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users. | ||||
| CVE-2007-4438 | 1 Ampache | 1 Ampache | 2026-04-23 | N/A |
| Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2008-6739 | 1 Toddwoolums | 1 Asp Download | 2026-04-23 | N/A |
| Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. | ||||
| CVE-2008-3407 | 1 Phplinkat | 1 Phplinkat | 2026-04-23 | N/A |
| phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie. | ||||
| CVE-2008-3814 | 1 Cisco | 1 Unity | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. | ||||