Total
3707 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1395 | 1 Plone | 1 Plone Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session. | |||||
| CVE-2009-4409 | 1 Iij | 1 Seil\/b1 | 2025-04-09 | 2.6 LOW | N/A |
| The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack. | |||||
| CVE-2009-1619 | 1 Teraway | 1 Filestream | 2025-04-09 | 7.5 HIGH | N/A |
| Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. | |||||
| CVE-2009-1638 | 1 T-dreams | 1 Job Career Package | 2025-04-09 | 7.5 HIGH | N/A |
| Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. | |||||
| CVE-2008-3815 | 1 Cisco | 2 Asa 5500, Pix | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. | |||||
| CVE-2009-0461 | 1 Wholehogsoftware | 1 Password Protect | 2025-04-09 | 7.5 HIGH | N/A |
| Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||||
| CVE-2009-0138 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
| servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. | |||||
| CVE-2009-4151 | 1 Bestpractical | 1 Rt | 2025-04-09 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. | |||||
| CVE-2007-5791 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2025-04-09 | 10.0 HIGH | N/A |
| The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | |||||
| CVE-2008-4622 | 1 Phpfastnews | 1 Phpfastnews | 2025-04-09 | 7.5 HIGH | N/A |
| The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. | |||||
| CVE-2008-7028 | 1 Aves | 1 Rpg Board | 2025-04-09 | 7.5 HIGH | N/A |
| RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value. | |||||
| CVE-2008-5558 | 1 Asterisk | 2 Asterisk Business Edition, Open Source | 2025-04-09 | 4.3 MEDIUM | N/A |
| Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching. | |||||
| CVE-2008-1868 | 1 Pixel Motion | 1 Pixel Motion Blog | 2025-04-09 | 7.5 HIGH | N/A |
| admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information. | |||||
| CVE-2007-1160 | 1 Webspell | 1 Webspell | 2025-04-09 | 10.0 HIGH | N/A |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | |||||
| CVE-2008-0150 | 1 Aruba Networks | 1 Aruba Mobility Controllers | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access. | |||||
| CVE-2008-1269 | 1 Alice | 1 Gate2 Plus Wi-fi | 2025-04-09 | 7.1 HIGH | N/A |
| cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | |||||
| CVE-2007-1966 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 5.0 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. | |||||
| CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
| CVE-2008-0210 | 1 Uebimiau | 1 Webmail | 2025-04-09 | 6.4 MEDIUM | N/A |
| Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140. | |||||
| CVE-2008-2524 | 1 Blogphp | 1 Blogphp | 2025-04-09 | 5.0 MEDIUM | N/A |
| BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | |||||