Total: 3363 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5913 | 1 Jean Charles | 1 Jbc Explorer | 2024-02-28 | 6.8 MEDIUM | N/A |
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters. | |||||
CVE-2008-0391 | 1 Alilg | 1 Alitalk | 2024-02-28 | 7.5 HIGH | N/A |
inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | |||||
CVE-2007-3050 | 1 Chameleon Cms | 1 Chameleon Cms | 2024-02-28 | 7.5 HIGH | N/A |
Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
CVE-2007-5006 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2024-02-28 | 10.0 HIGH | N/A |
Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. | |||||
CVE-2007-4680 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 6.8 MEDIUM | N/A |
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | |||||
CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2024-02-28 | 4.4 MEDIUM | N/A |
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | |||||
CVE-2008-1130 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 6.6 MEDIUM | N/A |
Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. | |||||
CVE-2008-0410 | 1 Hfs | 1 Http File Server | 2024-02-28 | 5.0 MEDIUM | N/A |
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. | |||||
CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2024-02-28 | 9.3 HIGH | N/A |
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||||
CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2024-02-28 | 7.5 HIGH | N/A |
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
CVE-2007-5862 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.4 HIGH | N/A |
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | |||||
CVE-2007-5797 | 1 Apache | 1 Geronimo | 2024-02-28 | 7.5 HIGH | N/A |
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | |||||
CVE-2007-5714 | 1 Gentoo | 1 Mldonkey Ebuild | 2024-02-28 | 6.8 MEDIUM | N/A |
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | |||||
CVE-2007-2555 | 1 Podium Cms | 1 Podium Cms | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). | |||||
CVE-2007-4438 | 1 Ampache | 1 Ampache | 2024-02-28 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2007-6226 | 1 Apc | 2 Oas, Switched Rack Pdu Firmware | 2024-02-28 | 7.1 HIGH | N/A |
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. | |||||
CVE-2007-1951 | 1 Onelook | 1 Oboshop | 2024-02-28 | 7.5 HIGH | N/A |
Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2024-02-28 | 6.8 MEDIUM | N/A |
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||||
CVE-2008-0895 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 6.4 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers. | |||||
CVE-2007-3184 | 2 Apple, Cisco | 2 Mac Os X, Trust Agent | 2024-02-28 | 7.2 HIGH | N/A |
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. |