Total: 3240 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2009-2642 | 1 Desiscripts | 1 Desi Short Url Script | 2023-12-10 | 7.5 HIGH | N/A | index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
CVE-2008-6855 | 1 Xigla | 1 Absolute News Feed | 2023-12-10 | 7.5 HIGH | N/A | Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
CVE-2008-4649 | 1 Elxis | 1 Elxis Cms | 2023-12-10 | 7.5 HIGH | N/A | Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2009-2064 | 1 Microsoft | 2 Internet Explorer, Pocket Ie | 2023-12-10 | 6.8 MEDIUM | N/A | Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2008-1321 | 1 Asg-sentry | 1 Asg-sentry | 2023-12-10 | 5.0 MEDIUM | N/A | The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does not require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.
CVE-2008-7007 | 1 Phpversion | 1 Php Vx Guestbook | 2023-12-10 | 7.5 HIGH | N/A | Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.
CVE-2009-2697 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | N/A | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
CVE-2009-1489 | 1 Rens Rikkerink | 1 Fungamez | 2023-12-10 | 7.5 HIGH | N/A | includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
CVE-2008-3891 | 1 Google | 1 Google Apps | 2023-12-10 | 7.5 HIGH | N/A | The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
CVE-2008-3407 | 1 Phplinkat | 1 Phplinkat | 2023-12-10 | 5.0 MEDIUM | N/A | phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
CVE-2009-0642 | 1 Ruby-lang | 1 Ruby | 2023-12-10 | 6.8 MEDIUM | N/A | ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
CVE-2009-2255 | 1 Zen-cart | 1 Zen Cart | 2023-12-10 | 6.8 MEDIUM | N/A | Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.
CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2023-12-10 | 10.0 HIGH | N/A | The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
CVE-2009-0051 | 1 Zxid | 1 Zxid | 2023-12-10 | 5.0 MEDIUM | N/A | ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0047 | 1 Gale | 1 Gale | 2023-12-10 | 5.0 MEDIUM | N/A | Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla! | 2023-12-10 | 5.0 MEDIUM | N/A | The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6859 | 1 Xigla | 1 Absolute Control Panel Xe | 2023-12-10 | 7.5 HIGH | N/A | Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2009-1854 | 1 Cmsnx | 1 Million Dollar Text Links | 2023-12-10 | 7.5 HIGH | N/A | Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.
CVE-2009-1878 | 1 Adobe | 1 Coldfusion | 2023-12-10 | 5.8 MEDIUM | N/A | Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2023-12-10 | 5.0 MEDIUM | N/A | The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.