Total
3233 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5040 | 1 Graphiks | 1 Myforum | 2023-12-10 | 7.5 HIGH | N/A |
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1. | |||||
CVE-2008-1904 | 1 Cicoandcico | 1 Ccmail | 2023-12-10 | 7.5 HIGH | N/A |
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie. | |||||
CVE-2008-3318 | 1 Maian | 1 Weblog | 2023-12-10 | 7.5 HIGH | N/A |
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. | |||||
CVE-2009-2328 | 1 Max Kervin | 1 Kervinet Forum | 2023-12-10 | 7.5 HIGH | N/A |
admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. | |||||
CVE-2008-4689 | 1 Mantis | 1 Mantis | 2023-12-10 | 7.5 HIGH | N/A |
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions. | |||||
CVE-2008-5575 | 1 Proclanmanager | 1 Pro Clan Manager | 2023-12-10 | 7.5 HIGH | N/A |
Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
CVE-2008-6553 | 1 Impliedbydesign | 1 Micro-cms | 2023-12-10 | 7.5 HIGH | N/A |
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action. | |||||
CVE-2008-5125 | 1 Castillocentral | 1 Ccleague | 2023-12-10 | 6.8 MEDIUM | N/A |
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | |||||
CVE-2009-1638 | 1 T-dreams | 1 Job Career Package | 2023-12-10 | 7.5 HIGH | N/A |
Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. | |||||
CVE-2009-0030 | 1 Squirrelmail | 1 Squirrelmail | 2023-12-10 | 6.5 MEDIUM | N/A |
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663. | |||||
CVE-2008-4037 | 1 Microsoft | 4 Windows, Windows 2000, Windows Server 2008 and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. | |||||
CVE-2008-5022 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. | |||||
CVE-2009-1587 | 1 Kalptarudemos | 1 Php Site Lock | 2023-12-10 | 7.5 HIGH | N/A |
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. | |||||
CVE-2008-1949 | 1 Gnu | 1 Gnutls | 2023-12-10 | 9.3 HIGH | N/A |
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. | |||||
CVE-2009-1664 | 1 Easy-scripts | 1 Answer And Question Script | 2023-12-10 | 7.5 HIGH | N/A |
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters. | |||||
CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2023-12-10 | 7.5 HIGH | N/A |
Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
CVE-2009-2233 | 1 Awscripts | 1 Gallery Search Engine | 2023-12-10 | 7.5 HIGH | N/A |
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | |||||
CVE-2003-1570 | 1 Ibm | 1 Tivoli Storage Manager | 2023-12-10 | 3.5 LOW | N/A |
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." | |||||
CVE-2009-2058 | 1 Apple | 1 Safari | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||
CVE-2008-3203 | 1 Auracms | 1 Auracms | 2023-12-10 | 7.5 HIGH | N/A |
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. |