Export limit exceeded: 362527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4504 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5040 | 1 Graphiks | 1 Myforum | 2026-04-23 | N/A |
| Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1. | ||||
| CVE-2008-2347 | 1 Mypicgallery | 1 Mypicgallery | 2026-04-23 | N/A |
| MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php. | ||||
| CVE-2008-3211 | 1 Scripteen | 1 Free Image Hosting Script | 2026-04-23 | N/A |
| Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1. | ||||
| CVE-2009-1826 | 1 Collector | 1 Mygesuad | 2026-04-23 | N/A |
| modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | ||||
| CVE-2007-3597 | 1 Zen Cart | 1 Zen Cart | 2026-04-23 | N/A |
| Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | ||||
| CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | ||||
| CVE-2009-2117 | 1 Phportal | 1 Phportal | 2026-04-23 | N/A |
| uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username. | ||||
| CVE-2008-4752 | 1 Tech Logic | 1 Tlnews | 2026-04-23 | N/A |
| TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. | ||||
| CVE-2008-0377 | 1 News | 1 Micronews | 2026-04-23 | N/A |
| MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. | ||||
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2026-04-23 | N/A |
| fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | ||||
| CVE-2009-2069 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | ||||
| CVE-2007-5374 | 1 Lightblog | 1 Lightblog | 2026-04-23 | N/A |
| cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | ||||
| CVE-2008-4649 | 1 Elxis | 1 Elxis Cms | 2026-04-23 | N/A |
| Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2007-5752 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2026-04-23 | N/A |
| adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. | ||||
| CVE-2009-0492 | 1 Simpleircbot | 1 Simpleircbot | 2026-04-23 | N/A |
| Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability." | ||||
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2026-04-23 | N/A |
| The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4622 | 1 Phpfastnews | 1 Phpfastnews | 2026-04-23 | N/A |
| The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. | ||||
| CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2026-04-23 | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | ||||
| CVE-2009-4089 | 1 Telepark | 1 Telepark.wiki | 2026-04-23 | N/A |
| telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php. | ||||
| CVE-2008-0351 | 1 Evilsentinel | 1 Evilsentinel | 2026-04-23 | N/A |
| admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. | ||||