Vulnerabilities (CVE)

Filtered by CWE-287
Total 3369 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4548 1 Apache 1 Geronimo 2024-11-21 10.0 HIGH N/A
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
CVE-2007-4438 1 Ampache 1 Ampache 2024-11-21 6.8 MEDIUM N/A
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2007-4419 1 Olate 1 Olatedownload 2024-11-21 9.3 HIGH N/A
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
CVE-2007-4364 1 Fedoraproject 1 Commons 2024-11-21 8.5 HIGH N/A
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.
CVE-2007-4203 1 Mambo 1 Mambo Open Source 2024-11-21 9.3 HIGH N/A
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
CVE-2007-4043 1 Securecomputing 1 Securityreporter 2024-11-21 5.0 MEDIUM N/A
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
CVE-2007-3988 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2024-11-21 6.8 MEDIUM N/A
Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-3754 1 Apple 2 Iphone, Iphone Os 2024-11-21 4.3 MEDIUM N/A
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
CVE-2007-3597 1 Zen Cart 1 Zen Cart 2024-11-21 8.5 HIGH N/A
Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.
CVE-2007-3184 2 Apple, Cisco 2 Mac Os X, Trust Agent 2024-11-21 7.2 HIGH N/A
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.
CVE-2007-3177 1 Ingate 2 Ingate Firewall, Ingate Siparator 2024-11-21 5.0 MEDIUM N/A
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
CVE-2007-3050 1 Chameleon Cms 1 Chameleon Cms 2024-11-21 7.5 HIGH N/A
Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-2719 1 Hp 1 Systems Insight Manager 2024-11-21 10.0 HIGH N/A
Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
CVE-2007-2555 1 Podium Cms 1 Podium Cms 2024-11-21 4.3 MEDIUM N/A
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).
CVE-2007-2546 1 Simple Machines 1 Simple Machines Forum 2024-11-21 6.8 MEDIUM N/A
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-2277 1 Plogger 1 Plogger 2024-11-21 7.5 HIGH N/A
Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-2243 1 Openbsd 1 Openssh 2024-11-21 5.0 MEDIUM N/A
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
CVE-2007-1966 1 Exv2 1 Content Management System 2024-11-21 5.0 MEDIUM N/A
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
CVE-2007-1953 1 Onelook 1 Courts Online 2024-11-21 7.5 HIGH N/A
Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1952 1 Onelook 1 Onebyone Cms 2024-11-21 7.5 HIGH N/A
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.