Export limit exceeded: 11725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2026-04-23 | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | ||||
| CVE-2008-5575 | 1 Proclanmanager | 1 Pro Clan Manager | 2026-04-23 | N/A |
| Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2009-1670 | 1 Tcpdb | 1 Tcpdb | 2026-04-23 | N/A |
| user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6455 | 1 Edikon | 1 Phpshop | 2026-04-23 | N/A |
| Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2505 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2026-04-23 | N/A |
| The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability." | ||||
| CVE-2008-4146 | 1 Addalink | 1 Addalink | 2026-04-23 | N/A |
| Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. | ||||
| CVE-2007-5752 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2026-04-23 | N/A |
| adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. | ||||
| CVE-2009-1619 | 1 Teraway | 1 Filestream | 2026-04-23 | N/A |
| Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. | ||||
| CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | ||||
| CVE-2008-4708 | 1 Sylvain Pasquet | 1 Bbzl.php | 2026-04-23 | N/A |
| BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1. | ||||
| CVE-2008-6816 | 1 Eaton | 1 Network Shutdown Module | 2026-04-23 | N/A |
| Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | ||||
| CVE-2008-6815 | 1 Myktools | 1 Myktools | 2026-04-23 | N/A |
| mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup. | ||||
| CVE-2009-3657 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2026-04-23 | N/A |
| Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2026-04-23 | N/A |
| Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-6854 | 1 Xigla | 1 Absolute Faq Manager .net | 2026-04-23 | N/A |
| Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2009-0280 | 1 Asp-project | 1 Asp-project | 2026-04-23 | N/A |
| Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | ||||
| CVE-2009-3623 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request. | ||||
| CVE-2008-0960 | 7 Cisco, Ecos Sourceware, Ingate and 4 more | 27 Ace 10 6504 Bundle With 4 Gbps Throughput, Ace 10 6509 Bundle With 8 Gbps Throughput, Ace 10 Service Module and 24 more | 2026-04-23 | N/A |
| SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||||
| CVE-2008-3428 | 1 Phpfreechat | 1 Phpfreechat | 2026-04-23 | N/A |
| Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | ||||
| CVE-2007-5855 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | ||||