Search Results (4506 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1395 1 Plone 1 Plone Cms 2026-04-23 N/A
Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.
CVE-2008-6984 1 Parallels 1 Plesk 2026-04-23 N/A
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
CVE-2008-1268 1 Linksys 1 Wrt54g 2026-04-23 N/A
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
CVE-2007-6384 1 Bea 1 Weblogic Mobility Server 2026-04-23 N/A
Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.
CVE-2008-3610 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
CVE-2008-2730 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
CVE-2009-3481 2 Isygen, Joomla 2 Com Icrmbasic, Joomla 2026-04-23 N/A
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2524 1 Blogphp 1 Blogphp 2026-04-23 N/A
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.
CVE-2009-1587 1 Kalptarudemos 1 Php Site Lock 2026-04-23 N/A
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2007-6398 1 Flat Php 1 Board 2026-04-23 N/A
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.
CVE-2009-2382 1 Jay-jayx0r 1 Phpmyblockchecker 2026-04-23 9.8 Critical
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
CVE-2009-1122 1 Microsoft 2 Internet Information Services, Windows 2000 2026-04-23 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
CVE-2006-6783 1 Logahead 1 Logahead Unu 2026-04-23 N/A
logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information.
CVE-2008-4146 1 Addalink 1 Addalink 2026-04-23 N/A
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
CVE-2009-4128 1 Gnu 1 Grub 2 2026-04-23 N/A
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
CVE-2008-6717 1 Uochm 1 Signup 2026-04-23 N/A
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php.
CVE-2009-3107 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
CVE-2007-3050 1 Chameleon Cms 1 Chameleon Cms 2026-04-23 N/A
Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-3375 1 Jamroom 1 Jamroom 2026-04-23 N/A
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
CVE-2008-0408 1 Hfs 1 Http File Server 2026-04-23 N/A
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.