Export limit exceeded: 364328 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4532 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2065 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2009-2057 1 Microsoft 2 Ie, Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVE-2008-7041 1 Ajsquare 1 Aj Classifieds 2026-04-23 N/A
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
CVE-2008-7019 1 Esqlanelapse 1 Esqlanelapse 2026-04-23 N/A
Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies.
CVE-2009-2863 1 Cisco 1 Ios 2026-04-23 N/A
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
CVE-2009-3158 1 Carsten Wulff 1 Simplephpweb 2026-04-23 N/A
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
CVE-2008-6951 1 Cms.maury91 1 Maurycms 2026-04-23 N/A
MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request.
CVE-2008-6947 1 Collabtive 1 Collabtive 2026-04-23 N/A
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
CVE-2009-3635 1 Typo3 1 Typo3 2026-04-23 N/A
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.
CVE-2008-6916 2 John Doe, Siemens 2 Netport Software, Speedstream 5200 2026-04-23 N/A
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
CVE-2008-6912 1 Zeeways 1 Shaadiclone 2026-04-23 N/A
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.
CVE-2009-3923 1 Sun 2 Virtual Desktop Infrastructure, Virtualbox 2026-04-23 N/A
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
CVE-2009-1122 1 Microsoft 2 Internet Information Services, Windows 2000 2026-04-23 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
CVE-2009-1836 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVE-2008-6804 1 Tribiq 1 Tribiq Cms 2026-04-23 N/A
Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue
CVE-2008-4319 1 Libra File Manager 1 Php Filemanager 2026-04-23 N/A
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
CVE-2007-2719 1 Hp 1 Systems Insight Manager 2026-04-23 N/A
Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
CVE-2009-0127 1 Heikkitoivonen 1 M2crypto 2026-04-23 N/A
M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.
CVE-2009-0492 1 Simpleircbot 1 Simpleircbot 2026-04-23 N/A
Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."
CVE-2009-3828 1 Everfocus 1 Edr1600 2026-04-23 N/A
The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.