Search Results (4545 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3441 1 Alienvault 1 Ossim 2026-04-23 N/A
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.
CVE-2009-3423 1 Zenas 1 Paolink 2026-04-23 N/A
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
CVE-2007-5913 1 Jean Charles 1 Jbc Explorer 2026-04-23 N/A
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.
CVE-2009-3422 1 Zenas 1 Paoliber 2026-04-23 N/A
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
CVE-2009-3421 1 Zenas 1 Pao-bacheca Guestbook 2026-04-23 9.8 Critical
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
CVE-2009-2697 2 Gnome, Redhat 2 Gdm, Enterprise Linux 2026-04-23 N/A
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
CVE-2007-5862 1 Apple 1 Mac Os X 2026-04-23 N/A
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
CVE-2009-2642 1 Desiscripts 1 Desi Short Url Script 2026-04-23 N/A
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
CVE-2009-2505 1 Microsoft 2 Windows Server 2008, Windows Vista 2026-04-23 N/A
The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
CVE-2009-1670 1 Tcpdb 1 Tcpdb 2026-04-23 N/A
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-5855 1 Apple 1 Mac Os X 2026-04-23 N/A
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
CVE-2009-1664 1 Easy-scripts 1 Answer And Question Script 2026-04-23 N/A
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.
CVE-2009-1638 1 T-dreams 1 Job Career Package 2026-04-23 N/A
Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.
CVE-2009-1629 1 Antony Lesuisse 1 Ajaxterm 2026-04-23 N/A
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
CVE-2009-1619 1 Teraway 1 Filestream 2026-04-23 N/A
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
CVE-2007-5008 1 Hp 1 Hp-ux 2026-04-23 N/A
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
CVE-2009-1618 1 Teraway 1 Livehelp 2026-04-23 N/A
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
CVE-2009-1617 1 Teraway 1 Linktracker 2026-04-23 N/A
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-1596 1 Igniterealtime 1 Openfire 2026-04-23 6.5 Medium
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
CVE-2009-1595 1 Igniterealtime 1 Openfire 2026-04-23 N/A
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.