Search Results (4340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0892 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
CVE-2008-0377 1 News 1 Micronews 2026-04-23 N/A
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
CVE-2007-6234 1 Ftp Admin 1 Ftp Admin 2026-04-23 N/A
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
CVE-2008-1949 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2026-04-23 N/A
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
CVE-2008-3319 1 Maian 1 Links 2026-04-23 N/A
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
CVE-2009-0891 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
CVE-2008-2347 1 Mypicgallery 1 Mypicgallery 2026-04-23 N/A
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
CVE-2008-7086 1 Maianscriptworld 1 Maian Greetings 2026-04-23 N/A
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
CVE-2009-2159 1 Torrenttrader 1 Torrenttrader Classic 2026-04-23 N/A
backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.
CVE-2008-4708 1 Sylvain Pasquet 1 Bbzl.php 2026-04-23 N/A
BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1.
CVE-2007-1160 1 Webspell 1 Webspell 2026-04-23 N/A
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
CVE-2008-6743 1 Shock-therapy 1 Rsmscript 2026-04-23 N/A
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
CVE-2007-5162 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
CVE-2008-3320 1 Maian 1 Guestbook 2026-04-23 N/A
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
CVE-2008-3375 1 Jamroom 1 Jamroom 2026-04-23 N/A
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
CVE-2009-0138 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
CVE-2009-2069 1 Microsoft 2 Ie, Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
CVE-2008-3815 1 Cisco 2 Asa 5500, Pix 2026-04-23 N/A
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
CVE-2009-1390 3 Gnu, Mutt, Openssl 3 Gnutls, Mutt, Openssl 2026-04-23 N/A
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
CVE-2009-1535 1 Microsoft 3 Internet Information Services, Windows Server 2003, Windows Xp 2026-04-23 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.