Search Results (12703 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6859 1 Xigla 1 Absolute Control Panel Xe 2026-04-23 N/A
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-7041 1 Ajsquare 1 Aj Classifieds 2026-04-23 N/A
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
CVE-2008-4721 1 Php Jabbers 1 Post Comment 2026-04-23 N/A
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
CVE-2008-6860 1 Xigla 1 Absolute Poll Manager Xe 2026-04-23 N/A
Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-6919 1 Taskdriver 1 Taskdriver 2026-04-23 N/A
profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."
CVE-2008-6864 1 Xigla 1 Absolute Live Support .net 2026-04-23 N/A
Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-6863 1 Xigla 1 Absolute Form Processor.net 2026-04-23 N/A
Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-6862 1 Xigla 1 Absolute Content Rotator 2026-04-23 N/A
Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2009-4584 1 Dbmasters 1 Db Masters Multimedia Links Directory 2026-04-23 N/A
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie.
CVE-2009-3657 2 Drupal, Tim Nelson 2 Drupal, Shared Sign-on 2026-04-23 N/A
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2009-3623 1 Linux 1 Linux Kernel 2026-04-23 N/A
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.
CVE-2009-1754 1 Google 1 Android 2026-04-23 N/A
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.
CVE-2008-0555 1 Apache-ssl 1 Apache-ssl 2026-04-23 N/A
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
CVE-2009-1596 1 Igniterealtime 1 Openfire 2026-04-23 6.5 Medium
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
CVE-2009-1595 1 Igniterealtime 1 Openfire 2026-04-23 N/A
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
CVE-2009-3481 2 Isygen, Joomla 2 Com Icrmbasic, Joomla 2026-04-23 N/A
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1390 3 Gnu, Mutt, Openssl 3 Gnutls, Mutt, Openssl 2026-04-23 N/A
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
CVE-2007-5008 1 Hp 1 Hp-ux 2026-04-23 N/A
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
CVE-2007-5152 1 Sun 2 Java System Access Manager, Java System Application Server 2026-04-23 N/A
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
CVE-2008-6118 1 Goople Cms 1 Goople Cms 2026-04-23 N/A
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.