Total
4062 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7007 | 1 Phpversion | 1 Php Vx Guestbook | 2025-04-09 | N/A |
| Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1. | ||||
| CVE-2008-3211 | 1 Scripteen | 1 Free Image Hosting Script | 2025-04-09 | N/A |
| Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1. | ||||
| CVE-2008-3203 | 1 Auracms | 1 Auracms | 2025-04-09 | N/A |
| js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. | ||||
| CVE-2008-6951 | 1 Cms.maury91 | 1 Maurycms | 2025-04-09 | N/A |
| MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request. | ||||
| CVE-2008-6858 | 1 Xigla | 1 Absolute Banner Manager.net | 2025-04-09 | N/A |
| Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-2406 | 1 Sun | 1 Java Asp Server | 2025-04-09 | N/A |
| The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. | ||||
| CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2025-04-09 | N/A |
| Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-4427 | 1 Phlatline | 1 Personal Information Manager | 2025-04-09 | N/A |
| changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. | ||||
| CVE-2007-1953 | 1 Onelook | 1 Courts Online | 2025-04-09 | N/A |
| Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2025-04-09 | N/A |
| Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2008-6864 | 1 Xigla | 1 Absolute Live Support .net | 2025-04-09 | N/A |
| Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-6855 | 1 Xigla | 1 Absolute News Feed | 2025-04-09 | N/A |
| Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. | ||||
| CVE-2008-6092 | 1 Phpscripts | 1 Ranking-script | 2025-04-09 | N/A |
| phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. | ||||
| CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2025-04-09 | N/A |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2025-04-09 | N/A |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2009-2069 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | ||||
| CVE-2009-2328 | 1 Max Kervin | 1 Kervinet Forum | 2025-04-09 | N/A |
| admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. | ||||
| CVE-2008-6860 | 1 Xigla | 1 Absolute Poll Manager Xe | 2025-04-09 | N/A |
| Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-6859 | 1 Xigla | 1 Absolute Control Panel Xe | 2025-04-09 | N/A |
| Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | ||||