Total
4064 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0085 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | N/A |
| The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability." | ||||
| CVE-2007-1160 | 1 Webspell | 1 Webspell | 2025-04-09 | N/A |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | ||||
| CVE-2007-4043 | 1 Securecomputing | 1 Securityreporter | 2025-04-09 | 9.8 Critical |
| file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. | ||||
| CVE-2008-6723 | 1 Turnkeyforms | 1 Entertainment Portal | 2025-04-09 | N/A |
| TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator. | ||||
| CVE-2008-3321 | 1 Maian Script World | 1 Maian Uploader | 2025-04-09 | N/A |
| admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | ||||
| CVE-2008-6916 | 2 John Doe, Siemens | 2 Netport Software, Speedstream 5200 | 2025-04-09 | N/A |
| Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. | ||||
| CVE-2008-5708 | 1 Slimcms | 1 Slimcms | 2025-04-09 | N/A |
| redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1. | ||||
| CVE-2008-6664 | 1 Yarck | 1 Sh-news | 2025-04-09 | N/A |
| action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values. | ||||
| CVE-2009-3231 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 6 Ubuntu Linux, Fedora, Opensuse and 3 more | 2025-04-09 | N/A |
| The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. | ||||
| CVE-2008-6738 | 1 Mark Girling | 1 Myshoutpro | 2025-04-09 | N/A |
| MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1. | ||||
| CVE-2009-0025 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2025-04-09 | N/A |
| BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2009-2863 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | ||||
| CVE-2009-2410 | 1 Fedorahosted | 1 Sssd | 2025-04-09 | N/A |
| The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection. | ||||
| CVE-2007-5006 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2025-04-09 | N/A |
| Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. | ||||
| CVE-2003-1574 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | N/A |
| TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2025-04-09 | N/A |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | ||||
| CVE-2008-6951 | 1 Cms.maury91 | 1 Maurycms | 2025-04-09 | N/A |
| MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request. | ||||
| CVE-2007-4438 | 1 Ampache | 1 Ampache | 2025-04-09 | N/A |
| Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2008-7041 | 1 Ajsquare | 1 Aj Classifieds | 2025-04-09 | N/A |
| AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php. | ||||
| CVE-2009-2255 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | N/A |
| Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/. | ||||