Total
3704 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5964 | 1 Impresscms | 1 Impresscms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2007-2546 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2008-4515 | 1 Blue Coat Systems | 1 K9 Web Protection | 2025-04-09 | 7.5 HIGH | N/A |
| Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. | |||||
| CVE-2009-2068 | 1 Opera | 1 Opera | 2025-04-09 | 5.8 MEDIUM | N/A |
| Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | |||||
| CVE-2008-6947 | 1 Collabtive | 1 Collabtive | 2025-04-09 | 7.5 HIGH | N/A |
| Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php. | |||||
| CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2007-6398 | 1 Flat Php | 1 Board | 2025-04-09 | 5.0 MEDIUM | N/A |
| Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie. | |||||
| CVE-2008-5576 | 1 Scssboard | 1 Scssboard | 2025-04-09 | 7.5 HIGH | N/A |
| admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter. | |||||
| CVE-2007-5752 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2025-04-09 | 7.5 HIGH | N/A |
| adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. | |||||
| CVE-2008-6039 | 1 Bluepage | 1 Bluepage Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2009-2088 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A |
| The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property. | |||||
| CVE-2009-1384 | 2 Eyrie, Redhat | 2 Pam-krb5, Enterprise Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
| pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-7041 | 1 Ajsquare | 1 Aj Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php. | |||||
| CVE-2007-6006 | 1 Testlink | 1 Testlink | 2025-04-09 | 10.0 HIGH | N/A |
| TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | |||||
| CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2009-2328 | 1 Max Kervin | 1 Kervinet Forum | 2025-04-09 | 7.5 HIGH | N/A |
| admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. | |||||
| CVE-2007-5085 | 1 Apache | 1 Geronimo | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. | |||||
| CVE-2009-2071 | 1 Google | 1 Chrome | 2025-04-09 | 6.8 MEDIUM | N/A |
| Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
| CVE-2008-6919 | 1 Taskdriver | 1 Taskdriver | 2025-04-09 | 7.5 HIGH | N/A |
| profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." | |||||
| CVE-2009-0655 | 1 Lenovo | 1 Veriface | 2025-04-09 | 6.9 MEDIUM | N/A |
| Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. | |||||