Search Results (4543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7027 1 Libra File Manager 1 Php Filemanager 2026-04-23 N/A
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.
CVE-2008-4081 1 Stash 1 Stash 2026-04-23 N/A
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
CVE-2007-3754 1 Apple 2 Iphone, Iphone Os 2026-04-23 N/A
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
CVE-2007-5008 1 Hp 1 Hp-ux 2026-04-23 N/A
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
CVE-2008-0555 1 Apache-ssl 1 Apache-ssl 2026-04-23 N/A
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
CVE-2007-5770 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
CVE-2009-2063 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
CVE-2007-6601 4 Debian, Fedoraproject, Postgresql and 1 more 5 Debian Linux, Fedora, Postgresql and 2 more 2026-04-23 N/A
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
CVE-2008-7086 1 Maianscriptworld 1 Maian Greetings 2026-04-23 N/A
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
CVE-2009-2070 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
CVE-2008-6440 2 Cerberus, Webgroupmedia 2 Cerberus Helpdesk, Cerberus Helpdesk 2026-04-23 N/A
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
CVE-2008-1321 1 Asg-sentry 1 Asg-sentry 2026-04-23 N/A
The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.
CVE-2009-2058 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVE-2008-5576 1 Scssboard 1 Scssboard 2026-04-23 N/A
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.
CVE-2008-7081 1 Raidsonic 1 Icy Box Nas 2026-04-23 N/A
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2282 1 Thomas Voecking 1 Internet Photoshow 2026-04-23 N/A
admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true.
CVE-2008-5407 1 Symantec 1 Backup Exec For Windows Server 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.
CVE-2003-1570 1 Ibm 1 Tivoli Storage Manager 2026-04-23 N/A
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
CVE-2009-2233 1 Awscripts 1 Gallery Search Engine 2026-04-23 N/A
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
CVE-2008-4714 1 Atomic Photo Album 1 Atomic Photo Album 2026-04-23 N/A
Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.