Vulnerabilities (CVE)

Filtered by CWE-287
Total 3212 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4784 1 Aflog 1 Aflog 2023-12-10 7.5 HIGH N/A
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.
CVE-2008-6738 1 Mark Girling 1 Myshoutpro 2023-12-10 7.5 HIGH N/A
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
CVE-2008-3503 1 Webgui 1 Plain Black Webgui 2023-12-10 5.0 MEDIUM N/A
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
CVE-2009-2257 1 Netgear 1 Dg632 2023-12-10 7.8 HIGH N/A
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
CVE-2008-2269 1 Kevin Ludlow 1 Austinsmoke Gastracker 2023-12-10 7.5 HIGH N/A
AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE.
CVE-2008-6856 1 Xigla 1 Absolute News Manager.net 2023-12-10 7.5 HIGH N/A
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-3579 2 Calacode, Linux 2 Atmail, Linux Kernel 2023-12-10 7.8 HIGH N/A
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2920 1 Ezcms 1 Eztechhelp Ezcms 2023-12-10 7.5 HIGH N/A
admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files.
CVE-2008-1327 1 Gallarific 1 Gallarific 2023-12-10 7.5 HIGH N/A
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2003-1574 1 Tiki 1 Tikiwiki Cms\/groupware 2023-12-10 7.5 HIGH N/A
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
CVE-2008-3033 1 Rss Aggregator 1 Rss Aggregator 2023-12-10 9.3 HIGH N/A
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
CVE-2008-6455 1 Edikon 1 Phpshop 2023-12-10 6.8 MEDIUM N/A
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0129 1 Perl-openssl 1 Libcrypt-openssl-dsa-perl 2023-12-10 5.0 MEDIUM N/A
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2008-7027 1 Libra File Manager 1 Php Filemanager 2023-12-10 7.5 HIGH N/A
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.
CVE-2008-3292 1 Ezwebalbum 1 Ezwebalbum 2023-12-10 6.4 MEDIUM N/A
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
CVE-2009-0653 1 Openssl 1 Openssl 2023-12-10 7.5 HIGH N/A
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
CVE-2008-3375 1 Jamroom 1 Jamroom 2023-12-10 7.5 HIGH N/A
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
CVE-2008-3738 1 Spacetag 1 Lacoodast 2023-12-10 6.8 MEDIUM N/A
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2008-5065 1 Easy-script 1 Tlguesbook 2023-12-10 7.5 HIGH N/A
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
CVE-2008-5221 1 Wportfolio 1 Wportfolio 2023-12-10 7.5 HIGH N/A
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.