Search Results (4503 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0014 1 Fedoraproject 1 Sssd 2026-04-23 N/A
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.
CVE-2007-5714 1 Gentoo 1 Mldonkey Ebuild 2026-04-23 N/A
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.
CVE-2008-3320 1 Maian 1 Guestbook 2026-04-23 N/A
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
CVE-2008-6855 1 Xigla 1 Absolute News Feed 2026-04-23 N/A
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
CVE-2007-1949 1 Webblizzard 1 Content Management System 2026-04-23 N/A
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2009-0412 1 Interspire 1 Shopping Cart 2026-04-23 N/A
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
CVE-2009-0124 1 Arrl 1 Tqsllib 2026-04-23 N/A
The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2008-4427 1 Phlatline 1 Personal Information Manager 2026-04-23 N/A
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
CVE-2008-1904 1 Cicoandcico 1 Ccmail 2026-04-23 N/A
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie.
CVE-2009-1629 1 Antony Lesuisse 1 Ajaxterm 2026-04-23 N/A
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
CVE-2008-6856 1 Xigla 1 Absolute News Manager.net 2026-04-23 N/A
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-0536 2 Cisco, Icon-labs 2 Service Control Engine, Iconfidant Ssh 2026-04-23 N/A
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
CVE-2008-5708 1 Slimcms 1 Slimcms 2026-04-23 N/A
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
CVE-2008-6131 1 Mozilo 1 Mozilowiki 2026-04-23 N/A
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-4576 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
CVE-2008-6858 1 Xigla 1 Absolute Banner Manager.net 2026-04-23 N/A
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2009-3828 1 Everfocus 1 Edr1600 2026-04-23 N/A
The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.
CVE-2008-0706 2 Compaq, Hp 4 Presario A900, Presario C700, G7000 and 1 more 2026-04-23 N/A
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.
CVE-2008-1868 1 Pixel Motion 1 Pixel Motion Blog 2026-04-23 N/A
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
CVE-2008-7028 1 Aves 1 Rpg Board 2026-04-23 N/A
RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value.