Search Results (4340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2231 1 Mid.as 1 Midas 2026-04-23 N/A
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
CVE-2008-4037 1 Microsoft 4 Windows, Windows 2000, Windows Server 2008 and 1 more 2026-04-23 N/A
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
CVE-2008-0330 1 Radiator 1 Radius Server 2026-04-23 N/A
Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap.
CVE-2007-5008 1 Hp 1 Hp-ux 2026-04-23 N/A
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
CVE-2007-3050 1 Chameleon Cms 1 Chameleon Cms 2026-04-23 N/A
Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-1859 2 Redhat, Xscreensaver 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more 2026-04-23 N/A
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
CVE-2008-6861 1 Xigla 1 Absolute Newsletter 2026-04-23 N/A
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-1356 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.
CVE-2008-1469 1 Gallarific 1 Gallarific 2026-04-23 N/A
Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0466 1 Webwiz 3 Web Wiz Forums, Web Wiz Newspad, Web Wiz Rich Text Editor 2026-04-23 N/A
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
CVE-2007-5391 1 Hp 1 Select Identity 2026-04-23 N/A
Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors.
CVE-2008-6947 1 Collabtive 1 Collabtive 2026-04-23 N/A
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
CVE-2008-6816 1 Eaton 1 Network Shutdown Module 2026-04-23 N/A
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.
CVE-2008-2269 1 Kevin Ludlow 1 Austinsmoke Gastracker 2026-04-23 N/A
AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE.
CVE-2007-2546 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2009-1670 1 Tcpdb 1 Tcpdb 2026-04-23 N/A
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2009-2088 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.
CVE-2009-2003 1 Ascadnetworks 1 Password Protector Sd 2026-04-23 N/A
Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."
CVE-2008-5783 1 V3chat 1 V3 Chat Live Support 2026-04-23 N/A
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVE-2007-0435 1 T-com 2 Speedport 500v, Speedport 500v Firmware 2026-04-23 N/A
T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.