Export limit exceeded: 364271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 16512 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5791 1 Vonage 1 Motorola Phone Adapter Vt2142-vd 2026-04-23 N/A
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
CVE-2009-3423 1 Zenas 1 Paolink 2026-04-23 N/A
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
CVE-2009-2422 2 Apple, Rubyonrails 3 Mac Os X, Mac Os X Server, Ruby On Rails 2026-04-23 9.8 Critical
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
CVE-2008-5040 1 Graphiks 1 Myforum 2026-04-23 N/A
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
CVE-2009-1854 1 Cmsnx 1 Million Dollar Text Links 2026-04-23 N/A
Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.
CVE-2008-6861 1 Xigla 1 Absolute Newsletter 2026-04-23 N/A
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-5407 1 Symantec 1 Backup Exec For Windows Server 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.
CVE-2008-5575 1 Proclanmanager 1 Pro Clan Manager 2026-04-23 N/A
Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-6011 1 Bug Software 1 Bughotel Reservation System 2026-04-23 N/A
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0351 1 Evilsentinel 1 Evilsentinel 2026-04-23 N/A
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
CVE-2003-1574 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
CVE-2009-0864 1 Matteoiammarrone 1 S-cms 2026-04-23 N/A
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
CVE-2008-5967 1 Phpicalendar 1 Phpicalendar 2026-04-23 N/A
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
CVE-2008-4689 1 Mantis 1 Mantis 2026-04-23 N/A
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
CVE-2008-7081 1 Raidsonic 1 Icy Box Nas 2026-04-23 N/A
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6307 1 E-topbiz 1 Link Back Checker 2026-04-23 N/A
E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."
CVE-2009-0049 1 Eid 1 Eidlib 2026-04-23 N/A
Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2009-0125 1 Finkproject 1 Libnasl 2026-04-23 N/A
NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification.
CVE-2008-2528 1 Citrix 1 Access Gateway 2026-04-23 N/A
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors.
CVE-2008-6131 1 Mozilo 1 Mozilowiki 2026-04-23 N/A
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.