Export limit exceeded: 12617 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12617 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1826 | 1 Collector | 1 Mygesuad | 2026-04-23 | N/A |
| modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | ||||
| CVE-2007-5714 | 1 Gentoo | 1 Mldonkey Ebuild | 2026-04-23 | N/A |
| The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | ||||
| CVE-2009-0256 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | ||||
| CVE-2008-1938 | 1 Sony | 1 Mylo Com 2 | 2026-04-23 | N/A |
| Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. | ||||
| CVE-2008-3375 | 1 Jamroom | 1 Jamroom | 2026-04-23 | N/A |
| The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | ||||
| CVE-2009-0046 | 1 Sun | 1 Grid Engine | 2026-04-23 | N/A |
| Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2008-0926 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. | ||||
| CVE-2009-0653 | 1 Openssl | 1 Openssl | 2026-04-23 | N/A |
| OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | ||||
| CVE-2008-2347 | 1 Mypicgallery | 1 Mypicgallery | 2026-04-23 | N/A |
| MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php. | ||||
| CVE-2009-3623 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request. | ||||
| CVE-2009-0440 | 1 Ibm | 1 Websphere Partner Gateway | 2026-04-23 | N/A |
| IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." | ||||
| CVE-2009-2863 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | ||||
| CVE-2009-1580 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-23 | N/A |
| Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | ||||
| CVE-2007-3177 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2026-04-23 | N/A |
| Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | ||||
| CVE-2008-6856 | 1 Xigla | 1 Absolute News Manager.net | 2026-04-23 | N/A |
| Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-7007 | 1 Phpversion | 1 Php Vx Guestbook | 2026-04-23 | N/A |
| Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1. | ||||
| CVE-2008-6045 | 1 Xt-commerce | 1 Xt-commerce | 2026-04-23 | N/A |
| Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. | ||||
| CVE-2008-5576 | 1 Scssboard | 1 Scssboard | 2026-04-23 | N/A |
| admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter. | ||||
| CVE-2009-0412 | 1 Interspire | 1 Shopping Cart | 2026-04-23 | N/A |
| The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. | ||||
| CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2026-04-23 | N/A |
| Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | ||||