Search Results (12809 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6714 1 Xecms Project 1 Xecms 2026-04-23 N/A
admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie.
CVE-2008-6716 1 Preprojects 1 Pre Ads Portal 2026-04-23 N/A
homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.
CVE-2008-6717 1 Uochm 1 Signup 2026-04-23 N/A
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php.
CVE-2008-6718 1 Uochm 1 Justbookit 2026-04-23 N/A
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
CVE-2008-5158 1 Clientsoftware 1 Wincome Mpd Total 2026-04-23 N/A
Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."
CVE-2008-5125 1 Castillocentral 1 Ccleague 2026-04-23 N/A
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
CVE-2008-6719 1 Uochm 1 Justlistit 2026-04-23 N/A
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
CVE-2008-6723 1 Turnkeyforms 1 Entertainment Portal 2026-04-23 N/A
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
CVE-2008-6738 1 Mark Girling 1 Myshoutpro 2026-04-23 N/A
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
CVE-2008-6739 1 Toddwoolums 1 Asp Download 2026-04-23 N/A
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
CVE-2008-6743 1 Shock-therapy 1 Rsmscript 2026-04-23 N/A
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
CVE-2008-6763 1 Hypersilence 1 Silentum Loginsys 2026-04-23 N/A
login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.
CVE-2008-6804 1 Tribiq 1 Tribiq Cms 2026-04-23 N/A
Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue
CVE-2008-6815 1 Myktools 1 Myktools 2026-04-23 N/A
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
CVE-2008-6816 1 Eaton 1 Network Shutdown Module 2026-04-23 N/A
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.
CVE-2008-6854 1 Xigla 1 Absolute Faq Manager .net 2026-04-23 N/A
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2002-2427 1 Goahead 1 Goahead Webserver 2026-04-23 N/A
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
CVE-2008-6855 1 Xigla 1 Absolute News Feed 2026-04-23 N/A
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
CVE-2008-6856 1 Xigla 1 Absolute News Manager.net 2026-04-23 N/A
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-6857 1 Xigla 1 Absolute Podcast.net 2026-04-23 N/A
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.