Vulnerabilities (CVE)

Filtered by CWE-287
Total 3363 CVE
Columns: CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3

CVE-2007-5913 | Vendors: 1 (Jean Charles) | Products: 1 (Jbc Explorer) | Updated: 2024-02-28 | CVSS v2: 6.8 MEDIUM | CVSS v3: N/A
  dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.

CVE-2008-0391 | Vendors: 1 (Alilg) | Products: 1 (Alitalk) | Updated: 2024-02-28 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
  inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.

CVE-2007-3050 | Vendors: 1 (Chameleon Cms) | Products: 1 (Chameleon Cms) | Updated: 2024-02-28 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
  Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CVE-2007-5006 | Vendors: 2 (Broadcom, Ca) | Products: 3 (Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites) | Updated: 2024-02-28 | CVSS v2: 10.0 HIGH | CVSS v3: N/A
  Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.

CVE-2007-4680 | Vendors: 1 (Apple) | Products: 2 (Mac Os X, Mac Os X Server) | Updated: 2024-02-28 | CVSS v2: 6.8 MEDIUM | CVSS v3: N/A
  CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.

CVE-2007-1228 | Vendors: 2 (Ibm, Unix) | Products: 2 (Db2, Unix) | Updated: 2024-02-28 | CVSS v2: 4.4 MEDIUM | CVSS v3: N/A
  IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.

CVE-2008-1130 | Vendors: 1 (Ibm) | Products: 1 (Websphere Mq) | Updated: 2024-02-28 | CVSS v2: 6.6 MEDIUM | CVSS v3: N/A
  Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.

CVE-2008-0410 | Vendors: 1 (Hfs) | Products: 1 (Http File Server) | Updated: 2024-02-28 | CVSS v2: 5.0 MEDIUM | CVSS v3: N/A
  HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.

CVE-2007-4203 | Vendors: 1 (Mambo) | Products: 1 (Mambo Open Source) | Updated: 2024-02-28 | CVSS v2: 9.3 HIGH | CVSS v3: N/A
  Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.

CVE-2007-1952 | Vendors: 1 (Onelook) | Products: 1 (Onebyone Cms) | Updated: 2024-02-28 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
  Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

CVE-2007-5862 | Vendors: 1 (Apple) | Products: 1 (Mac Os X) | Updated: 2024-02-28 | CVSS v2: 9.4 HIGH | CVSS v3: N/A
  Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.

CVE-2007-5797 | Vendors: 1 (Apache) | Products: 1 (Geronimo) | Updated: 2024-02-28 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
  SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

CVE-2007-5714 | Vendors: 1 (Gentoo) | Products: 1 (Mldonkey Ebuild) | Updated: 2024-02-28 | CVSS v2: 6.8 MEDIUM | CVSS v3: N/A
  The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.

CVE-2007-2555 | Vendors: 1 (Podium Cms) | Products: 1 (Podium Cms) | Updated: 2024-02-28 | CVSS v2: 4.3 MEDIUM | CVSS v3: N/A
  Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).

CVE-2007-4438 | Vendors: 1 (Ampache) | Products: 1 (Ampache) | Updated: 2024-02-28 | CVSS v2: 6.8 MEDIUM | CVSS v3: N/A
  Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.

CVE-2007-6226 | Vendors: 1 (Apc) | Products: 2 (Oas, Switched Rack Pdu Firmware) | Updated: 2024-02-28 | CVSS v2: 7.1 HIGH | CVSS v3: N/A
  The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.

CVE-2007-1951 | Vendors: 1 (Onelook) | Products: 1 (Oboshop) | Updated: 2024-02-28 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
  Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

CVE-2007-5987 | Vendors: 1 (Bti-tracker) | Products: 1 (Bti-tracker) | Updated: 2024-02-28 | CVSS v2: 6.8 MEDIUM | CVSS v3: N/A
  details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.

CVE-2008-0895 | Vendors: 1 (Bea) | Products: 1 (Weblogic Server) | Updated: 2024-02-28 | CVSS v2: 6.4 MEDIUM | CVSS v3: N/A
  BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.

CVE-2007-3184 | Vendors: 2 (Apple, Cisco) | Products: 2 (Mac Os X, Trust Agent) | Updated: 2024-02-28 | CVSS v2: 7.2 HIGH | CVSS v3: N/A
  Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.