Total
4018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6130 | 1 Gnu | 1 Gnump3d | 2025-04-09 | 5.0 MEDIUM | N/A |
| gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2009-1050 | 1 Kamads | 1 Bloginator | 2025-04-09 | 7.5 HIGH | N/A |
| Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. | |||||
| CVE-2008-5880 | 1 Gobbl | 1 Gobbl Cms | 2025-04-09 | 7.5 HIGH | N/A |
| admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | |||||
| CVE-2009-0853 | 1 Stewart Howe | 1 Celerbb | 2025-04-09 | 6.8 MEDIUM | N/A |
| login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. | |||||
| CVE-2009-2085 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A |
| The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). | |||||
| CVE-2007-3050 | 1 Chameleon Cms | 1 Chameleon Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2008-3428 | 1 Phpfreechat | 1 Phpfreechat | 2025-04-09 | 6.5 MEDIUM | N/A |
| Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | |||||
| CVE-2008-1897 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923. | |||||
| CVE-2009-2070 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
| Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
| CVE-2007-1160 | 1 Webspell | 1 Webspell | 2025-04-09 | 10.0 HIGH | N/A |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | |||||
| CVE-2008-3729 | 1 Microworld Technologies | 1 Mailscan | 2025-04-09 | 7.5 HIGH | N/A |
| Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. | |||||
| CVE-2009-4447 | 1 Jax Scripts | 1 Jax Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php. | |||||
| CVE-2009-0614 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. | |||||
| CVE-2007-4438 | 1 Ampache | 1 Ampache | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2009-2003 | 1 Ascadnetworks | 1 Password Protector Sd | 2025-04-09 | 7.5 HIGH | N/A |
| Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin." | |||||
| CVE-2009-2481 | 2 Six Apart, Sixapart | 2 Movable Type, Movable Type | 2025-04-09 | 5.8 MEDIUM | N/A |
| mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-6045 | 1 Xt-commerce | 1 Xt-commerce | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. | |||||
| CVE-2008-7156 | 1 Ekinboard | 1 Ekinboard | 2025-04-09 | 6.8 MEDIUM | N/A |
| EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. | |||||
| CVE-2008-4081 | 1 Stash | 1 Stash | 2025-04-09 | 7.5 HIGH | N/A |
| admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. | |||||
| CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | |||||