Export limit exceeded: 343482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4260 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | ||||
| CVE-2008-1930 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. | ||||
| CVE-2007-5913 | 1 Jean Charles | 1 Jbc Explorer | 2025-04-09 | N/A |
| dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters. | ||||
| CVE-2007-5862 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | ||||
| CVE-2007-5855 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | ||||
| CVE-2007-5797 | 1 Apache | 1 Geronimo | 2025-04-09 | N/A |
| SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | ||||
| CVE-2007-5162 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2025-04-09 | N/A |
| The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. | ||||
| CVE-2007-5152 | 1 Sun | 2 Java System Access Manager, Java System Application Server | 2025-04-09 | N/A |
| Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. | ||||
| CVE-2007-5113 | 1 Roi Revolution | 1 Urchin | 2025-04-09 | N/A |
| report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112. | ||||
| CVE-2008-6553 | 1 Impliedbydesign | 1 Micro-cms | 2025-04-09 | N/A |
| microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action. | ||||
| CVE-2007-1160 | 1 Webspell | 1 Webspell | 2025-04-09 | N/A |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | ||||
| CVE-2010-0014 | 1 Fedoraproject | 1 Sssd | 2025-04-09 | N/A |
| System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT. | ||||
| CVE-2009-4584 | 1 Dbmasters | 1 Db Masters Multimedia Links Directory | 2025-04-09 | N/A |
| admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie. | ||||
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2025-04-09 | N/A |
| The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4151 | 1 Bestpractical | 1 Rt | 2025-04-09 | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. | ||||
| CVE-2009-4128 | 1 Gnu | 1 Grub 2 | 2025-04-09 | N/A |
| GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. | ||||
| CVE-2009-4095 | 1 Companionway | 1 Myphile | 2025-04-09 | N/A |
| myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4089 | 1 Telepark | 1 Telepark.wiki | 2025-04-09 | N/A |
| telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php. | ||||
| CVE-2009-3657 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2025-04-09 | N/A |
| Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2009-3635 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. | ||||