Total
4114 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1062 | 1 Cisco | 4 Unified Ip Conference Station 7935, Unified Ip Conference Station 7935 Firmware, Unified Ip Conference Station 7936 and 1 more | 2025-04-09 | N/A |
| The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time | ||||
| CVE-2009-1587 | 1 Kalptarudemos | 1 Php Site Lock | 2025-04-09 | N/A |
| index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. | ||||
| CVE-2008-4167 | 1 Ezphotogallery | 1 Ezphotogallery | 2025-04-09 | N/A |
| useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account. | ||||
| CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2025-04-09 | N/A |
| IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | ||||
| CVE-2008-1469 | 1 Gallarific | 1 Gallarific | 2025-04-09 | N/A |
| Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2025-04-09 | N/A |
| Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2008-1395 | 1 Plone | 1 Plone Cms | 2025-04-09 | N/A |
| Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session. | ||||
| CVE-2007-5085 | 1 Apache | 1 Geronimo | 2025-04-09 | N/A |
| Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. | ||||
| CVE-2008-6009 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2025-04-09 | N/A |
| SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. | ||||
| CVE-2008-1327 | 1 Gallarific | 1 Gallarific | 2025-04-09 | N/A |
| Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1390 | 3 Gnu, Mutt, Openssl | 3 Gnutls, Mutt, Openssl | 2025-04-09 | N/A |
| Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | ||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | ||||
| CVE-2008-1321 | 1 Asg-sentry | 1 Asg-sentry | 2025-04-09 | N/A |
| The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands. | ||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | ||||
| CVE-2008-6984 | 1 Parallels | 1 Plesk | 2025-04-09 | N/A |
| Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3. | ||||
| CVE-2008-3033 | 1 Rss Aggregator | 1 Rss Aggregator | 2025-04-09 | N/A |
| RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php. | ||||
| CVE-2008-2524 | 1 Blogphp | 1 Blogphp | 2025-04-09 | N/A |
| BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | ||||
| CVE-2007-4692 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2025-04-09 | N/A |
| The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | ||||
| CVE-2007-3184 | 2 Apple, Cisco | 2 Mac Os X, Trust Agent | 2025-04-09 | N/A |
| Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. | ||||
| CVE-2007-4693 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | ||||