Export limit exceeded: 12692 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12692 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2026-04-23 | N/A |
| fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | ||||
| CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | ||||
| CVE-2009-2334 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2026-04-23 | N/A |
| wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service. | ||||
| CVE-2008-6143 | 1 Owentechkenya | 1 Owenpoll | 2026-04-23 | N/A |
| OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. | ||||
| CVE-2008-6411 | 1 Explay | 1 Explay Cms | 2026-04-23 | N/A |
| Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. | ||||
| CVE-2008-6445 | 1 Yourplace | 1 Yourplace | 2026-04-23 | N/A |
| Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2026-04-23 | N/A |
| Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2007-6384 | 1 Bea | 1 Weblogic Mobility Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. | ||||
| CVE-2008-3815 | 1 Cisco | 2 Asa 5500, Pix | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. | ||||
| CVE-2008-2801 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. | ||||
| CVE-2008-0210 | 1 Uebimiau | 1 Webmail | 2026-04-23 | N/A |
| Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140. | ||||
| CVE-2008-3375 | 1 Jamroom | 1 Jamroom | 2026-04-23 | N/A |
| The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | ||||
| CVE-2008-6965 | 1 Aj Square | 1 Aj Auction | 2026-04-23 | N/A |
| AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors. | ||||
| CVE-2008-1262 | 1 Airspan | 1 Wimax Prost | 2026-04-23 | N/A |
| The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/. | ||||
| CVE-2008-0706 | 2 Compaq, Hp | 4 Presario A900, Presario C700, G7000 and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. | ||||
| CVE-2008-3703 | 1 Symantec | 1 Veritas Storage Foundation | 2026-04-23 | N/A |
| The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. | ||||
| CVE-2008-6739 | 1 Toddwoolums | 1 Asp Download | 2026-04-23 | N/A |
| Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. | ||||
| CVE-2008-0351 | 1 Evilsentinel | 1 Evilsentinel | 2026-04-23 | N/A |
| admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. | ||||
| CVE-2008-3211 | 1 Scripteen | 1 Free Image Hosting Script | 2026-04-23 | N/A |
| Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1. | ||||
| CVE-2009-0124 | 1 Arrl | 1 Tqsllib | 2026-04-23 | N/A |
| The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||