Search Results (4340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1826 1 Collector 1 Mygesuad 2026-04-23 N/A
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
CVE-2008-6965 1 Aj Square 1 Aj Auction 2026-04-23 N/A
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.
CVE-2009-3623 1 Linux 1 Linux Kernel 2026-04-23 N/A
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.
CVE-2009-1155 1 Cisco 2 Adaptive Security Appliance 5500, Pix 2026-04-23 N/A
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.
CVE-2009-1905 1 Ibm 1 Db2 2026-04-23 N/A
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
CVE-2007-3754 1 Apple 2 Iphone, Iphone Os 2026-04-23 N/A
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
CVE-2008-7027 1 Libra File Manager 1 Php Filemanager 2026-04-23 N/A
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.
CVE-2009-4128 1 Gnu 1 Grub 2 2026-04-23 N/A
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
CVE-2009-1050 1 Kamads 1 Bloginator 2026-04-23 N/A
Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
CVE-2009-2257 1 Netgear 1 Dg632 2026-04-23 N/A
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
CVE-2008-7047 1 Natterchat 1 Natterchat 2026-04-23 N/A
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
CVE-2003-1574 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
CVE-2008-6718 1 Uochm 1 Justbookit 2026-04-23 N/A
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
CVE-2008-5221 1 Wportfolio 1 Wportfolio 2026-04-23 N/A
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
CVE-2008-1868 1 Pixel Motion 1 Pixel Motion Blog 2026-04-23 N/A
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
CVE-2009-3232 1 Canonical 1 Ubuntu Linux 2026-04-23 N/A
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
CVE-2009-3862 1 Novell 1 Edirectory 2026-04-23 N/A
The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.
CVE-2007-5987 1 Bti-tracker 1 Bti-tracker 2026-04-23 N/A
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
CVE-2008-3033 1 Rss Aggregator 1 Rss Aggregator 2026-04-23 N/A
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
CVE-2009-0127 1 Heikkitoivonen 1 M2crypto 2026-04-23 N/A
M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.