Search Results (12692 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2406 1 Sun 1 Java Asp Server 2026-04-23 N/A
The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.
CVE-2008-2347 1 Mypicgallery 1 Mypicgallery 2026-04-23 N/A
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
CVE-2008-2298 1 Sourceforge 1 Web Slider 2026-04-23 N/A
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
CVE-2008-6092 1 Phpscripts 1 Ranking-script 2026-04-23 N/A
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
CVE-2008-0640 1 Symantec 1 Ghost Solutions Suite 2026-04-23 N/A
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
CVE-2008-4614 1 Portalapp 1 Portalapp 2026-04-23 N/A
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.
CVE-2008-0536 2 Cisco, Icon-labs 2 Service Control Engine, Iconfidant Ssh 2026-04-23 N/A
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
CVE-2009-4584 1 Dbmasters 1 Db Masters Multimedia Links Directory 2026-04-23 N/A
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie.
CVE-2009-3657 2 Drupal, Tim Nelson 2 Drupal, Shared Sign-on 2026-04-23 N/A
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2008-0466 1 Webwiz 3 Web Wiz Forums, Web Wiz Newspad, Web Wiz Rich Text Editor 2026-04-23 N/A
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
CVE-2008-6965 1 Aj Square 1 Aj Auction 2026-04-23 N/A
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.
CVE-2007-5085 1 Apache 1 Geronimo 2026-04-23 N/A
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
CVE-2007-5057 1 Netsupport 1 Netsupport Manager Client 2026-04-23 N/A
NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager.
CVE-2007-6234 1 Ftp Admin 1 Ftp Admin 2026-04-23 N/A
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
CVE-2007-3184 2 Apple, Cisco 2 Mac Os X, Trust Agent 2026-04-23 N/A
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.
CVE-2008-3264 1 Asterisk 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more 2026-04-23 N/A
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
CVE-2007-2277 1 Plogger 1 Plogger 2026-04-23 N/A
Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-4576 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
CVE-2007-1228 2 Ibm, Unix 2 Db2, Unix 2026-04-23 N/A
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
CVE-2008-7124 1 Zkup 1 Zkup 2026-04-23 N/A
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.