Total
3707 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3828 | 1 Everfocus | 1 Edr1600 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors. | |||||
| CVE-2009-2040 | 1 Grestul | 1 Grestul | 2025-04-09 | 7.5 HIGH | N/A |
| admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. | |||||
| CVE-2008-6411 | 1 Explay | 1 Explay Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. | |||||
| CVE-2009-4095 | 1 Companionway | 1 Myphile | 2025-04-09 | 7.5 HIGH | N/A |
| myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4632 | 1 Cisco | 1 Ios | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. | |||||
| CVE-2009-1595 | 1 Igniterealtime | 1 Openfire | 2025-04-09 | 4.0 MEDIUM | N/A |
| The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. | |||||
| CVE-2008-4167 | 1 Ezphotogallery | 1 Ezphotogallery | 2025-04-09 | 6.4 MEDIUM | N/A |
| useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account. | |||||
| CVE-2008-5022 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 7.5 HIGH | N/A |
| The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. | |||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | |||||
| CVE-2008-6939 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | 7.5 HIGH | N/A |
| TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | |||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 6.8 MEDIUM | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||||
| CVE-2009-1754 | 1 Google | 1 Android | 2025-04-09 | 4.3 MEDIUM | N/A |
| The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | |||||
| CVE-2009-0642 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 6.8 MEDIUM | N/A |
| ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. | |||||
| CVE-2008-1321 | 1 Asg-sentry | 1 Asg-sentry | 2025-04-09 | 5.0 MEDIUM | N/A |
| The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands. | |||||
| CVE-2006-6783 | 1 Logahead | 1 Logahead Unu | 2025-04-09 | 7.5 HIGH | N/A |
| logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6011 | 1 Bug Software | 1 Bughotel Reservation System | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0124 | 1 Arrl | 1 Tqsllib | 2025-04-09 | 5.0 MEDIUM | N/A |
| The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2025-04-09 | 7.5 HIGH | N/A |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2009-3232 | 1 Canonical | 1 Ubuntu Linux | 2025-04-09 | 9.3 HIGH | N/A |
| pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication. | |||||
| CVE-2008-0403 | 1 Belkin | 1 F5d9230-4 | 2025-04-09 | 5.5 MEDIUM | N/A |
| The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi. | |||||