Total
4035 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0864 | 1 Matteoiammarrone | 1 S-cms | 2025-04-09 | N/A |
| S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | ||||
| CVE-2007-4693 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | ||||
| CVE-2009-1595 | 1 Igniterealtime | 1 Openfire | 2025-04-09 | N/A |
| The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. | ||||
| CVE-2009-3441 | 1 Alienvault | 1 Ossim | 2025-04-09 | N/A |
| Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php. | ||||
| CVE-2009-0853 | 1 Stewart Howe | 1 Celerbb | 2025-04-09 | N/A |
| login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. | ||||
| CVE-2003-1574 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | N/A |
| TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0669 | 1 Zope | 1 Zodb | 2025-04-09 | N/A |
| Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. | ||||
| CVE-2007-6011 | 1 Bug Software | 1 Bughotel Reservation System | 2025-04-09 | N/A |
| Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0655 | 1 Lenovo | 1 Veriface | 2025-04-09 | N/A |
| Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. | ||||
| CVE-2007-2555 | 1 Podium Cms | 1 Podium Cms | 2025-04-09 | N/A |
| Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). | ||||
| CVE-2009-3923 | 1 Sun | 2 Virtual Desktop Infrastructure, Virtualbox | 2025-04-09 | N/A |
| The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server. | ||||
| CVE-2009-0614 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-09 | N/A |
| Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. | ||||
| CVE-2008-4576 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-09 | N/A |
| sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. | ||||
| CVE-2009-0461 | 1 Wholehogsoftware | 1 Password Protect | 2025-04-09 | N/A |
| Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | ||||
| CVE-2009-0460 | 1 Wholehogsoftware | 1 Ware Support | 2025-04-09 | N/A |
| Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | ||||
| CVE-2007-4438 | 1 Ampache | 1 Ampache | 2025-04-09 | N/A |
| Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2007-6714 | 1 Dbmail | 1 Dbmail | 2025-04-09 | N/A |
| DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication. | ||||
| CVE-2008-6739 | 1 Toddwoolums | 1 Asp Download | 2025-04-09 | N/A |
| Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. | ||||
| CVE-2007-4419 | 1 Olate | 1 Olatedownload | 2025-04-09 | N/A |
| Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. | ||||
| CVE-2007-1951 | 1 Onelook | 1 Oboshop | 2025-04-09 | N/A |
| Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||