Export limit exceeded: 11800 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11800 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2026-04-23 | N/A |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2007-6714 | 1 Dbmail | 1 Dbmail | 2026-04-23 | N/A |
| DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication. | ||||
| CVE-2008-6862 | 1 Xigla | 1 Absolute Content Rotator | 2026-04-23 | N/A |
| Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-4244 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2026-04-23 | N/A |
| Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1. | ||||
| CVE-2008-6919 | 1 Taskdriver | 1 Taskdriver | 2026-04-23 | N/A |
| profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." | ||||
| CVE-2009-1905 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | ||||
| CVE-2008-4223 | 1 Apple | 1 Mac Os X Server | 2026-04-23 | N/A |
| Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | ||||
| CVE-2008-1334 | 1 Bt | 1 Home Hub | 2026-04-23 | N/A |
| cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383. | ||||
| CVE-2008-4427 | 1 Phlatline | 1 Personal Information Manager | 2026-04-23 | N/A |
| changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. | ||||
| CVE-2008-6858 | 1 Xigla | 1 Absolute Banner Manager.net | 2026-04-23 | N/A |
| Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-6939 | 1 Turnkeyforms | 1 Web Hosting Directory | 2026-04-23 | N/A |
| TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | ||||
| CVE-2008-3611 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. | ||||
| CVE-2008-6947 | 1 Collabtive | 1 Collabtive | 2026-04-23 | N/A |
| Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php. | ||||
| CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2026-04-23 | N/A |
| The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | ||||
| CVE-2007-5862 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | ||||
| CVE-2008-5022 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2026-04-23 | N/A |
| The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. | ||||
| CVE-2008-1930 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. | ||||
| CVE-2009-1836 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||||
| CVE-2008-2298 | 1 Sourceforge | 1 Web Slider | 2026-04-23 | N/A |
| Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1. | ||||
| CVE-2008-6855 | 1 Xigla | 1 Absolute News Feed | 2026-04-23 | N/A |
| Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. | ||||