Vulnerabilities (CVE)

Filtered by CWE-287
Total 3363 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0823 1 Drupal 1 Header Image 2024-02-28 10.0 HIGH N/A
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
CVE-2007-2546 1 Simple Machines 1 Simple Machines Forum 2024-02-28 6.8 MEDIUM N/A
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-1859 2 Redhat, Xscreensaver 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more 2024-02-28 4.6 MEDIUM N/A
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
CVE-2007-3177 1 Ingate 2 Ingate Firewall, Ingate Siparator 2024-02-28 5.0 MEDIUM N/A
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
CVE-2007-6006 1 Testlink 1 Testlink 2024-02-28 10.0 HIGH N/A
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
CVE-2007-6385 1 Kerio 1 Winroute Firewall 2024-02-28 2.1 LOW N/A
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2007-0435 1 T-com 2 Speedport 500v, Speedport 500v Firmware 2024-02-28 7.5 HIGH N/A
T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
CVE-2008-1268 1 Linksys 1 Wrt54g 2024-02-28 10.0 HIGH N/A
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
CVE-2007-1949 1 Webblizzard 1 Content Management System 2024-02-28 7.5 HIGH N/A
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2007-1160 1 Webspell 1 Webspell 2024-02-28 10.0 HIGH N/A
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
CVE-2008-0408 1 Hfs 1 Http File Server 2024-02-28 6.4 MEDIUM N/A
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
CVE-2008-0351 1 Evilsentinel 1 Evilsentinel 2024-02-28 5.0 MEDIUM N/A
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
CVE-2007-5578 1 Secureideas 1 Basic Analysis And Security Engine 2024-02-28 7.5 HIGH N/A
Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.
CVE-2006-6997 1 Mailenable 2 Mailenable Enterprise, Mailenable Standard 2024-02-28 10.0 HIGH N/A
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.
CVE-2007-5085 1 Apache 1 Geronimo 2024-02-28 5.0 MEDIUM N/A
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
CVE-2007-6011 1 Bug Software 1 Bughotel Reservation System 2024-02-28 10.0 HIGH N/A
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0476 1 Manageengine 1 Applications Manager 2024-02-28 6.4 MEDIUM N/A
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4693 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-28 7.2 HIGH N/A
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
CVE-2007-6601 3 Debian, Fedoraproject, Postgresql 3 Debian Linux, Fedora, Postgresql 2024-02-28 7.2 HIGH N/A
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
CVE-2008-1269 1 Alice 1 Gate2 Plus Wi-fi 2024-02-28 7.1 HIGH N/A
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request.