Search Results (4506 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4679 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.
CVE-2008-5576 1 Scssboard 1 Scssboard 2026-04-23 N/A
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.
CVE-2008-4622 1 Phpfastnews 1 Phpfastnews 2026-04-23 N/A
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
CVE-2008-3814 1 Cisco 1 Unity 2026-04-23 N/A
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
CVE-2008-4614 1 Portalapp 1 Portalapp 2026-04-23 N/A
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.
CVE-2008-4576 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
CVE-2008-3866 1 Trend Micro 3 Internet Security 2007, Internet Security 2008, Officescan 2026-04-23 N/A
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
CVE-2008-4689 1 Mantis 1 Mantis 2026-04-23 N/A
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
CVE-2008-4708 1 Sylvain Pasquet 1 Bbzl.php 2026-04-23 N/A
BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1.
CVE-2009-0021 2 Ntp, Redhat 2 Ntp, Enterprise Linux 2026-04-23 N/A
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2008-3891 1 Google 1 Google Apps 2026-04-23 N/A
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
CVE-2008-2269 1 Kevin Ludlow 1 Austinsmoke Gastracker 2026-04-23 N/A
AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE.
CVE-2008-3815 1 Cisco 2 Asa 5500, Pix 2026-04-23 N/A
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
CVE-2002-2427 1 Goahead 1 Goahead Webserver 2026-04-23 N/A
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
CVE-2007-5913 1 Jean Charles 1 Jbc Explorer 2026-04-23 N/A
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.
CVE-2008-2347 1 Mypicgallery 1 Mypicgallery 2026-04-23 N/A
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
CVE-2008-1469 1 Gallarific 1 Gallarific 2026-04-23 N/A
Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2298 1 Sourceforge 1 Web Slider 2026-04-23 N/A
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
CVE-2008-1356 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.
CVE-2008-7156 1 Ekinboard 1 Ekinboard 2026-04-23 N/A
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.