Search Results (12617 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7051 1 Ajsquare 1 Aj Article 2026-04-23 N/A
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/.
CVE-2007-1949 1 Webblizzard 1 Content Management System 2026-04-23 N/A
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2009-0492 1 Simpleircbot 1 Simpleircbot 2026-04-23 N/A
Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."
CVE-2007-3177 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
CVE-2009-4409 1 Iij 1 Seil\/b1 2026-04-23 N/A
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.
CVE-2008-4576 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
CVE-2009-3635 1 Typo3 1 Typo3 2026-04-23 N/A
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.
CVE-2008-6912 1 Zeeways 1 Shaadiclone 2026-04-23 N/A
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.
CVE-2008-1244 1 Belkin 1 F5d7230-4 2026-04-23 N/A
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.
CVE-2007-5008 1 Hp 1 Hp-ux 2026-04-23 N/A
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
CVE-2008-6854 1 Xigla 1 Absolute Faq Manager .net 2026-04-23 N/A
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2009-2072 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.
CVE-2009-1638 1 T-dreams 1 Job Career Package 2026-04-23 N/A
Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.
CVE-2009-3423 1 Zenas 1 Paolink 2026-04-23 N/A
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
CVE-2009-2481 2 Six Apart, Sixapart 2 Movable Type, Movable Type 2026-04-23 N/A
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.
CVE-2009-2255 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.
CVE-2008-1528 1 Zyxel 3 Prestige 660, Prestige 661, Zynos 2026-04-23 N/A
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.
CVE-2007-3754 1 Apple 2 Iphone, Iphone Os 2026-04-23 N/A
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
CVE-2007-2555 1 Podium Cms 1 Podium Cms 2026-04-23 N/A
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).
CVE-2007-4043 1 Securecomputing 1 Securityreporter 2026-04-23 9.8 Critical
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.