Total: 3363 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0823 | 1 Drupal | 1 Header Image | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | |||||
CVE-2007-2546 | 1 Simple Machines | 1 Simple Machines Forum | 2024-02-28 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
CVE-2007-1859 | 2 Redhat, Xscreensaver | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. | |||||
CVE-2007-3177 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2024-02-28 | 5.0 MEDIUM | N/A |
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | |||||
CVE-2007-6006 | 1 Testlink | 1 Testlink | 2024-02-28 | 10.0 HIGH | N/A |
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | |||||
CVE-2007-6385 | 1 Kerio | 1 Winroute Firewall | 2024-02-28 | 2.1 LOW | N/A |
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
CVE-2007-0435 | 1 T-com | 2 Speedport 500v, Speedport 500v Firmware | 2024-02-28 | 7.5 HIGH | N/A |
T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value. | |||||
CVE-2008-1268 | 1 Linksys | 1 Wrt54g | 2024-02-28 | 10.0 HIGH | N/A |
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. | |||||
CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2024-02-28 | 7.5 HIGH | N/A |
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||||
CVE-2007-1160 | 1 Webspell | 1 Webspell | 2024-02-28 | 10.0 HIGH | N/A |
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | |||||
CVE-2008-0408 | 1 Hfs | 1 Http File Server | 2024-02-28 | 6.4 MEDIUM | N/A |
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. | |||||
CVE-2008-0351 | 1 Evilsentinel | 1 Evilsentinel | 2024-02-28 | 5.0 MEDIUM | N/A |
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. | |||||
CVE-2007-5578 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2024-02-28 | 7.5 HIGH | N/A |
Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors. | |||||
CVE-2006-6997 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Standard | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792. | |||||
CVE-2007-5085 | 1 Apache | 1 Geronimo | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. | |||||
CVE-2007-6011 | 1 Bug Software | 1 Bughotel Reservation System | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0476 | 1 Manageengine | 1 Applications Manager | 2024-02-28 | 6.4 MEDIUM | N/A |
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-4693 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | |||||
CVE-2007-6601 | 3 Debian, Fedoraproject, Postgresql | 3 Debian Linux, Fedora, Postgresql | 2024-02-28 | 7.2 HIGH | N/A |
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. | |||||
CVE-2008-1269 | 1 Alice | 1 Gate2 Plus Wi-fi | 2024-02-28 | 7.1 HIGH | N/A |
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | |||||