Total: 3233 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2062 | 1 Apple | 1 Safari | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | |||||
CVE-2008-6919 | 1 Taskdriver | 1 Taskdriver | 2023-12-10 | 7.5 HIGH | N/A |
profileedit.php in TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." | |||||
CVE-2008-7081 | 1 Raidsonic | 1 Icy Box Nas | 2023-12-10 | 10.0 HIGH | N/A |
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-5268 | 1 Trend Micro | 1 Serverprotect | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface." | |||||
CVE-2008-7086 | 1 Maianscriptworld | 1 Maian Greetings | 2023-12-10 | 7.5 HIGH | N/A |
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | |||||
CVE-2008-6816 | 1 Eaton | 1 Network Shutdown Module | 2023-12-10 | 10.0 HIGH | N/A |
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | |||||
CVE-2008-4708 | 1 Sylvain Pasquet | 1 Bbzl.php | 2023-12-10 | 7.5 HIGH | N/A |
BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1. | |||||
CVE-2008-6912 | 1 Zeeways | 1 Shaadiclone | 2023-12-10 | 7.5 HIGH | N/A |
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php. | |||||
CVE-2009-3158 | 1 Carsten Wulff | 1 Simplephpweb | 2023-12-10 | 7.5 HIGH | N/A |
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6965 | 1 Aj Square | 1 Aj Auction | 2023-12-10 | 7.5 HIGH | N/A |
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors. | |||||
CVE-2009-1905 | 1 Ibm | 1 Db2 | 2023-12-10 | 2.6 LOW | N/A |
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | |||||
CVE-2009-1629 | 1 Antony Lesuisse | 1 Ajaxterm | 2023-12-10 | 6.8 MEDIUM | N/A |
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack. | |||||
CVE-2008-6581 | 1 Phpaddedit | 1 Phpaddedit | 2023-12-10 | 7.5 HIGH | N/A |
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | |||||
CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | |||||
CVE-2009-0280 | 1 Asp-project | 1 Asp-project | 2023-12-10 | 7.5 HIGH | N/A |
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | |||||
CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2023-12-10 | 7.5 HIGH | N/A |
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
CVE-2009-0906 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 6.5 MEDIUM | N/A |
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. | |||||
CVE-2008-6300 | 1 Gwm | 1 Galatolo Webmanager | 2023-12-10 | 7.5 HIGH | N/A |
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6162 | 1 Bux | 1 Bux.to Clone Script | 2023-12-10 | 7.5 HIGH | N/A |
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin. | |||||
CVE-2008-3504 | 1 Mpfm | 1 Mask Php File Manager | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies." |