Search Results (12619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6581 1 Phpaddedit 1 Phpaddedit 2026-04-23 N/A
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.
CVE-2007-3177 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
CVE-2007-1949 1 Webblizzard 1 Content Management System 2026-04-23 N/A
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2009-1878 1 Adobe 1 Coldfusion 2026-04-23 N/A
Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2009-1549 1 Agtc 1 Agtc Myshop 2026-04-23 N/A
AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto."
CVE-2008-7006 1 Phpversion 1 Php Vx Guestbook 2026-04-23 N/A
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
CVE-2009-1836 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVE-2006-5268 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
CVE-2009-0030 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-23 N/A
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
CVE-2008-3891 1 Google 1 Google Apps 2026-04-23 N/A
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
CVE-2009-1825 1 Collector 1 Mycolex 2026-04-23 N/A
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
CVE-2008-6916 2 John Doe, Siemens 2 Netport Software, Speedstream 5200 2026-04-23 N/A
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
CVE-2007-5113 1 Roi Revolution 1 Urchin 2026-04-23 N/A
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
CVE-2008-4649 1 Elxis 1 Elxis Cms 2026-04-23 N/A
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-6045 1 Xt-commerce 1 Xt-commerce 2026-04-23 N/A
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
CVE-2009-3966 1 Arcadetradescript 1 Arcade Trade Script 2026-04-23 N/A
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
CVE-2009-2642 1 Desiscripts 1 Desi Short Url Script 2026-04-23 N/A
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
CVE-2007-5862 1 Apple 1 Mac Os X 2026-04-23 N/A
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
CVE-2009-1826 1 Collector 1 Mygesuad 2026-04-23 N/A
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
CVE-2008-6569 1 Cybozu 1 Garoon 2026-04-23 N/A
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.