Search Results (4537 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4006 1 Redgraphic 1 Sapid Cms 2026-04-16 N/A
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
CVE-2002-2417 1 Acftp 1 Acftp 2026-04-16 N/A
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
CVE-2001-1585 1 Openbsd 1 Openssh 2026-04-16 N/A
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
CVE-2006-3583 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
CVE-2006-0374 1 Advantage Century Telecommunication 1 P202s 2026-04-16 N/A
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513).
CVE-2002-0507 2 Microsoft, Rsa 2 Exchange Server, Securid 2026-04-16 N/A
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
CVE-1999-0366 1 Microsoft 1 Windows Nt 2026-04-16 N/A
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
CVE-2003-1489 1 Truegalerie 1 Truegalerie 2026-04-16 N/A
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
CVE-2003-1343 1 Trend Micro 1 Scanmail 2026-04-16 N/A
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".
CVE-2004-1760 2 Cisco, Ibm 17 Call Manager, Conference Connection, Emergency Responder and 14 more 2026-04-16 N/A
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
CVE-2003-1442 1 Ericsson 1 Hm220dp Adsl Modem 2026-04-16 N/A
The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
CVE-1999-0680 1 Microsoft 1 Terminal Server 2026-04-16 N/A
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
CVE-2003-0216 1 Cisco 1 Catos 2026-04-16 N/A
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
CVE-2006-2636 1 Katy Whitton 1 Newscmslite 2026-04-16 N/A
newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".
CVE-2004-2734 1 Novell 1 Netware 2026-04-16 N/A
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
CVE-2006-0633 1 Invisionpower 1 Invision Power Board 2026-04-16 N/A
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
CVE-2003-1434 1 Pete Werner 1 Login Ldap 2026-04-16 N/A
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
CVE-2002-0563 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-04-16 N/A
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
CVE-2005-3979 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-04-16 N/A
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
CVE-2006-4244 1 Sql-ledger 1 Sql-ledger 2026-04-16 N/A
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.