Export limit exceeded: 26435 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12799 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3504 1 Mpfm 1 Mask Php File Manager 2026-04-23 N/A
Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."
CVE-2008-3503 1 Webgui 1 Plain Black Webgui 2026-04-23 N/A
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
CVE-2009-4367 1 Sitecore 1 Staging Module 2026-04-23 N/A
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
CVE-2008-3466 1 Microsoft 3 Host Integration Server 2000, Host Integration Server 2004, Host Integration Server 2006 2026-04-23 N/A
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
CVE-2009-4409 1 Iij 1 Seil\/b1 2026-04-23 N/A
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.
CVE-2009-4584 1 Dbmasters 1 Db Masters Multimedia Links Directory 2026-04-23 N/A
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie.
CVE-2008-3428 1 Phpfreechat 1 Phpfreechat 2026-04-23 N/A
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
CVE-2006-6997 1 Mailenable 2 Mailenable Enterprise, Mailenable Standard 2026-04-23 N/A
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.
CVE-2008-3425 1 Sun 2 Java System Web Server Plugin, N1 Service Provisioning System 2026-04-23 N/A
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.
CVE-2008-3411 1 Axesstel 1 Akw-d800 2026-04-23 N/A
The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.
CVE-2008-3407 1 Phplinkat 1 Phplinkat 2026-04-23 N/A
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
CVE-2008-3375 1 Jamroom 1 Jamroom 2026-04-23 N/A
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
CVE-2008-3322 1 Maian 1 Recipe 2026-04-23 N/A
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
CVE-2008-3321 1 Maian Script World 1 Maian Uploader 2026-04-23 N/A
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
CVE-2008-3320 1 Maian 1 Guestbook 2026-04-23 N/A
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
CVE-2008-3319 1 Maian 1 Links 2026-04-23 N/A
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
CVE-2008-3318 1 Maian 1 Weblog 2026-04-23 N/A
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
CVE-2008-3317 1 Maian Script World 1 Maian Search 2026-04-23 N/A
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
CVE-2008-3299 1 Esyndicat 1 Esyndicat 2026-04-23 N/A
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3292 1 Ezwebalbum 1 Ezwebalbum 2026-04-23 N/A
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.