Search Results (4503 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0633 1 Invisionpower 1 Invision Power Board 2026-04-16 N/A
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
CVE-2004-2715 1 Php Heaven 1 Phpmychat 2026-04-16 N/A
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
CVE-2006-1228 1 Drupal 1 Drupal 2026-04-16 N/A
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.
CVE-2006-2636 1 Katy Whitton 1 Newscmslite 2026-04-16 N/A
newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".
CVE-2003-1489 1 Truegalerie 1 Truegalerie 2026-04-16 N/A
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
CVE-2005-3979 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-04-16 N/A
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
CVE-2006-2369 1 Vnc 1 Realvnc 2026-04-16 N/A
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
CVE-2004-2724 1 Lionmax Software 1 Chat Anywhere 2026-04-16 N/A
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.
CVE-2006-2224 2 Quagga, Redhat 2 Quagga Routing Software Suite, Enterprise Linux 2026-04-16 N/A
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
CVE-1999-0366 1 Microsoft 1 Windows Nt 2026-04-16 N/A
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
CVE-2003-1475 1 Netbus 1 Netbus 2026-04-16 N/A
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.
CVE-2003-1343 1 Trend Micro 1 Scanmail 2026-04-16 N/A
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".
CVE-2005-4851 1 Ez 1 Ez Publish 2026-04-16 N/A
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
CVE-2002-2417 1 Acftp 1 Acftp 2026-04-16 N/A
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
CVE-2003-0216 1 Cisco 1 Catos 2026-04-16 N/A
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
CVE-2006-2380 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
CVE-2006-3583 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
CVE-2001-0537 1 Cisco 1 Ios 2026-04-16 N/A
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
CVE-1999-0987 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
CVE-2005-4006 1 Redgraphic 1 Sapid Cms 2026-04-16 N/A
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.