Total: 3985 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-1264 | 1 Linksys | 1 Wrt54g | 2025-04-09 | N/A |
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. | ||||
CVE-2008-1269 | 1 Alice | 1 Gate2 Plus Wi-fi | 2025-04-09 | N/A |
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | ||||
CVE-2008-1238 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. | ||||
CVE-2009-0280 | 1 Asp-project | 1 Asp-project | 2025-04-09 | N/A |
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | ||||
CVE-2008-1259 | 1 Zyxel | 1 P-2602hw-d1a | 2025-04-09 | N/A |
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes. | ||||
CVE-2009-1619 | 1 Teraway | 1 Filestream | 2025-04-09 | N/A |
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. | ||||
CVE-2008-1134 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | N/A |
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. | ||||
CVE-2009-3481 | 2 Isygen, Joomla | 2 Com Icrmbasic, Joomla | 2025-04-09 | N/A |
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2007-4548 | 1 Apache | 1 Geronimo | 2025-04-09 | N/A |
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module. | ||||
CVE-2009-0362 | 1 Fail2ban | 1 Fail2ban | 2025-04-09 | N/A |
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321. | ||||
CVE-2008-0926 | 1 Novell | 1 Edirectory | 2025-04-09 | N/A |
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. | ||||
CVE-2009-4584 | 1 Dbmasters | 1 Db Masters Multimedia Links Directory | 2025-04-09 | N/A |
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie. | ||||
CVE-2009-4447 | 1 Jax Scripts | 1 Jax Guestbook | 2025-04-09 | N/A |
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php. | ||||
CVE-2009-4409 | 1 Iij | 1 Seil/b1 | 2025-04-09 | N/A |
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack. | ||||
CVE-2009-4367 | 1 Sitecore | 1 Staging Module | 2025-04-09 | N/A |
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request. | ||||
CVE-2008-7047 | 1 Natterchat | 1 Natterchat | 2025-04-09 | N/A |
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp. | ||||
CVE-2008-5576 | 1 Scssboard | 1 Scssboard | 2025-04-09 | N/A |
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter. | ||||
CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla! | 2025-04-09 | N/A |
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2009-4095 | 1 Companionway | 1 Myphile | 2025-04-09 | N/A |
myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2025-04-09 | N/A |
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. |