Search Results (4505 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7124 1 Zkup 1 Zkup 2026-04-23 N/A
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
CVE-2007-6385 1 Kerio 1 Winroute Firewall 2026-04-23 N/A
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2007-6011 1 Bug Software 1 Bughotel Reservation System 2026-04-23 N/A
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5855 1 Apple 1 Mac Os X 2026-04-23 N/A
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
CVE-2009-1826 1 Collector 1 Mygesuad 2026-04-23 N/A
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
CVE-2007-4438 1 Ampache 1 Ampache 2026-04-23 N/A
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2009-4584 1 Dbmasters 1 Db Masters Multimedia Links Directory 2026-04-23 N/A
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie.
CVE-2008-5221 1 Wportfolio 1 Wportfolio 2026-04-23 N/A
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
CVE-2007-1951 1 Onelook 1 Oboshop 2026-04-23 N/A
Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
CVE-2008-2524 1 Blogphp 1 Blogphp 2026-04-23 N/A
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.
CVE-2007-3177 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
CVE-2009-2058 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVE-2008-2298 1 Sourceforge 1 Web Slider 2026-04-23 N/A
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
CVE-2009-2067 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2007-4692 2 Apple, Microsoft 4 Mac Os X, Mac Os X Server, Safari and 1 more 2026-04-23 N/A
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
CVE-2008-7156 1 Ekinboard 1 Ekinboard 2026-04-23 N/A
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
CVE-2007-1966 1 Exv2 1 Content Management System 2026-04-23 9.1 Critical
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
CVE-2009-2117 1 Phportal 1 Phportal 2026-04-23 N/A
uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.
CVE-2008-6269 1 Joovili 1 Joovili 2026-04-23 N/A
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
CVE-2008-3321 1 Maian Script World 1 Maian Uploader 2026-04-23 N/A
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.