Total
4021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6237 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 9.0 HIGH | N/A |
| cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php. | |||||
| CVE-2003-1570 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 3.5 LOW | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." | |||||
| CVE-2008-4708 | 1 Sylvain Pasquet | 1 Bbzl.php | 2025-04-09 | 7.5 HIGH | N/A |
| BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1. | |||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 6.8 MEDIUM | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||||
| CVE-2008-5296 | 1 Gallery | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
| Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1727 | 1 Myknowledgequest | 1 Knowledgequest | 2025-04-09 | 7.5 HIGH | N/A |
| KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. | |||||
| CVE-2009-2062 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | |||||
| CVE-2009-2642 | 1 Desiscripts | 1 Desi Short Url Script | 2025-04-09 | 7.5 HIGH | N/A |
| index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. | |||||
| CVE-2008-3905 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.8 MEDIUM | N/A |
| resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||||
| CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-7007 | 1 Phpversion | 1 Php Vx Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1. | |||||
| CVE-2009-3481 | 2 Isygen, Joomla | 2 Com Icrmbasic, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2524 | 1 Blogphp | 1 Blogphp | 2025-04-09 | 5.0 MEDIUM | N/A |
| BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | |||||
| CVE-2009-3923 | 1 Sun | 2 Virtual Desktop Infrastructure, Virtualbox | 2025-04-09 | 7.5 HIGH | N/A |
| The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server. | |||||
| CVE-2007-3597 | 1 Zen Cart | 1 Zen Cart | 2025-04-09 | 8.5 HIGH | N/A |
| Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||||
| CVE-2007-6714 | 1 Dbmail | 1 Dbmail | 2025-04-09 | 6.8 MEDIUM | N/A |
| DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication. | |||||
| CVE-2008-1327 | 1 Gallarific | 1 Gallarific | 2025-04-09 | 7.5 HIGH | N/A |
| Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5686 | 1 Ibm | 1 Tivoli Provisioning Manager | 2025-04-09 | 8.5 HIGH | N/A |
| IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. | |||||
| CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | |||||
| CVE-2009-1587 | 1 Kalptarudemos | 1 Php Site Lock | 2025-04-09 | 7.5 HIGH | N/A |
| index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. | |||||