Search Results (12802 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7179 1 Otmanager 1 Otmanager Cms 2026-04-23 N/A
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
CVE-2008-4146 1 Addalink 1 Addalink 2026-04-23 N/A
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
CVE-2008-3815 1 Cisco 2 Asa 5500, Pix 2026-04-23 N/A
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
CVE-2008-5967 1 Phpicalendar 1 Phpicalendar 2026-04-23 N/A
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
CVE-2008-3866 1 Trend Micro 3 Internet Security 2007, Internet Security 2008, Officescan 2026-04-23 N/A
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
CVE-2007-5085 1 Apache 1 Geronimo 2026-04-23 N/A
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
CVE-2008-6411 1 Explay 1 Explay Cms 2026-04-23 N/A
Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.
CVE-2003-1574 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
CVE-2008-5040 1 Graphiks 1 Myforum 2026-04-23 N/A
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
CVE-2007-2546 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-1062 1 Cisco 4 Unified Ip Conference Station 7935, Unified Ip Conference Station 7935 Firmware, Unified Ip Conference Station 7936 and 1 more 2026-04-23 N/A
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
CVE-2008-4649 1 Elxis 1 Elxis Cms 2026-04-23 N/A
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-6719 1 Uochm 1 Justlistit 2026-04-23 N/A
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
CVE-2009-1617 1 Teraway 1 Linktracker 2026-04-23 N/A
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
CVE-2009-0662 1 Plone 2 Plone, Plonepas 2026-04-23 N/A
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
CVE-2008-4784 1 Aflog 1 Aflog 2026-04-23 N/A
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.
CVE-2008-3610 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
CVE-2008-5022 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
CVE-2008-6714 1 Xecms Project 1 Xecms 2026-04-23 N/A
admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie.
CVE-2008-4721 1 Php Jabbers 1 Post Comment 2026-04-23 N/A
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."