Export limit exceeded: 11731 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11731 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3261 | 1 Livestreet | 1 Livestreet | 2026-04-23 | N/A |
| update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors. | ||||
| CVE-2008-3319 | 1 Maian | 1 Links | 2026-04-23 | N/A |
| admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. | ||||
| CVE-2008-0407 | 1 Hfs | 1 Http File Server | 2026-04-23 | N/A |
| HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. | ||||
| CVE-2008-6045 | 1 Xt-commerce | 1 Xt-commerce | 2026-04-23 | N/A |
| Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. | ||||
| CVE-2008-6859 | 1 Xigla | 1 Absolute Control Panel Xe | 2026-04-23 | N/A |
| Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2009-3862 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | ||||
| CVE-2009-0362 | 1 Fail2ban | 1 Fail2ban | 2026-04-23 | N/A |
| filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321. | ||||
| CVE-2008-6128 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2007-5085 | 1 Apache | 1 Geronimo | 2026-04-23 | N/A |
| Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. | ||||
| CVE-2008-6717 | 1 Uochm | 1 Signup | 2026-04-23 | N/A |
| U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php. | ||||
| CVE-2008-0536 | 2 Cisco, Icon-labs | 2 Service Control Engine, Iconfidant Ssh | 2026-04-23 | N/A |
| Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563. | ||||
| CVE-2007-4364 | 1 Fedoraproject | 1 Commons | 2026-04-23 | N/A |
| Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector. | ||||
| CVE-2008-5575 | 1 Proclanmanager | 1 Pro Clan Manager | 2026-04-23 | N/A |
| Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2007-5008 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected. | ||||
| CVE-2008-5219 | 1 Videoscript | 1 Videoscript | 2026-04-23 | N/A |
| The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters. | ||||
| CVE-2008-1134 | 1 Omegasoft | 1 Interneserviceslosungen | 2026-04-23 | N/A |
| OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. | ||||
| CVE-2008-6738 | 1 Mark Girling | 1 Myshoutpro | 2026-04-23 | N/A |
| MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1. | ||||
| CVE-2008-3866 | 1 Trend Micro | 3 Internet Security 2007, Internet Security 2008, Officescan | 2026-04-23 | N/A |
| The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. | ||||
| CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2026-04-23 | N/A |
| The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | ||||
| CVE-2009-2642 | 1 Desiscripts | 1 Desi Short Url Script | 2026-04-23 | N/A |
| index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. | ||||