Export limit exceeded: 12679 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12679 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5558 1 Asterisk 2 Asterisk Business Edition, Open Source 2026-04-23 N/A
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
CVE-2007-6385 1 Kerio 1 Winroute Firewall 2026-04-23 N/A
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2007-2546 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-3375 1 Jamroom 1 Jamroom 2026-04-23 N/A
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
CVE-2008-3610 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
CVE-2008-3299 1 Esyndicat 1 Esyndicat 2026-04-23 N/A
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5497 1 Bandsitecms 1 Bandsite Cms 2026-04-23 N/A
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
CVE-2009-1122 1 Microsoft 2 Internet Information Services, Windows 2000 2026-04-23 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
CVE-2008-4319 1 Libra File Manager 1 Php Filemanager 2026-04-23 N/A
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
CVE-2008-2879 1 Benjacms 1 Benja Cms 2026-04-23 N/A
Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu.
CVE-2009-0126 1 Berkeley 1 Boinc Client 2026-04-23 N/A
The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-1836 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVE-2008-5575 1 Proclanmanager 1 Pro Clan Manager 2026-04-23 N/A
Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-1951 1 Onelook 1 Oboshop 2026-04-23 N/A
Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2008-5355 1 Sun 3 Jdk, Jre, Sdk 2026-04-23 N/A
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
CVE-2009-2422 2 Apple, Rubyonrails 3 Mac Os X, Mac Os X Server, Ruby On Rails 2026-04-23 9.8 Critical
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
CVE-2008-0377 1 News 1 Micronews 2026-04-23 N/A
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
CVE-2008-5296 1 Gallery 1 Gallery 2026-04-23 N/A
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
CVE-2009-4447 1 Jax Scripts 1 Jax Guestbook 2026-04-23 N/A
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
CVE-2008-1269 1 Alice 1 Gate2 Plus Wi-fi 2026-04-23 N/A
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request.