Export limit exceeded: 12680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12680 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1356 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.
CVE-2008-3317 1 Maian Script World 1 Maian Search 2026-04-23 N/A
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
CVE-2008-3322 1 Maian 1 Recipe 2026-04-23 N/A
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
CVE-2007-0435 1 T-com 2 Speedport 500v, Speedport 500v Firmware 2026-04-23 N/A
T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
CVE-2007-5770 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
CVE-2008-0823 1 Drupal 1 Header Image 2026-04-23 N/A
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
CVE-2009-1535 1 Microsoft 3 Internet Information Services, Windows Server 2003, Windows Xp 2026-04-23 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2007-5988 1 Bti-tracker 1 Bti-tracker 2026-04-23 N/A
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
CVE-2008-1334 1 Bt 1 Home Hub 2026-04-23 N/A
cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383.
CVE-2008-1327 1 Gallarific 1 Gallarific 2026-04-23 N/A
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6445 1 Yourplace 1 Yourplace 2026-04-23 N/A
Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information.
CVE-2008-1268 1 Linksys 1 Wrt54g 2026-04-23 N/A
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
CVE-2008-0640 1 Symantec 1 Ghost Solutions Suite 2026-04-23 N/A
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
CVE-2009-2117 1 Phportal 1 Phportal 2026-04-23 N/A
uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.
CVE-2008-1262 1 Airspan 1 Wimax Prost 2026-04-23 N/A
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
CVE-2007-6714 1 Dbmail 1 Dbmail 2026-04-23 N/A
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
CVE-2009-0362 1 Fail2ban 1 Fail2ban 2026-04-23 N/A
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
CVE-2007-3988 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2026-04-23 N/A
Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-3703 1 Symantec 1 Veritas Storage Foundation 2026-04-23 N/A
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
CVE-2007-5855 1 Apple 1 Mac Os X 2026-04-23 N/A
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.