Search Results (4510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1596 1 Igniterealtime 1 Openfire 2026-04-23 6.5 Medium
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
CVE-2008-2298 1 Sourceforge 1 Web Slider 2026-04-23 N/A
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
CVE-2008-4427 1 Phlatline 1 Personal Information Manager 2026-04-23 N/A
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
CVE-2008-6965 1 Aj Square 1 Aj Auction 2026-04-23 N/A
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.
CVE-2008-5296 1 Gallery 1 Gallery 2026-04-23 N/A
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
CVE-2008-6858 1 Xigla 1 Absolute Banner Manager.net 2026-04-23 N/A
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2007-0435 1 T-com 2 Speedport 500v, Speedport 500v Firmware 2026-04-23 N/A
T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
CVE-2009-0892 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
CVE-2008-3729 1 Microworld Technologies 1 Mailscan 2026-04-23 N/A
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
CVE-2008-6859 1 Xigla 1 Absolute Control Panel Xe 2026-04-23 N/A
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
CVE-2008-7046 1 Ajsquare 1 Free Polling Script 2026-04-23 N/A
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1629 1 Antony Lesuisse 1 Ajaxterm 2026-04-23 N/A
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
CVE-2009-0046 1 Sun 1 Grid Engine 2026-04-23 N/A
Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2008-7027 1 Libra File Manager 1 Php Filemanager 2026-04-23 N/A
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.
CVE-2006-6705 1 Soumu 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow 2026-04-23 N/A
Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors.
CVE-2008-6118 1 Goople Cms 1 Goople Cms 2026-04-23 N/A
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
CVE-2009-0906 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.
CVE-2006-6783 1 Logahead 1 Logahead Unu 2026-04-23 N/A
logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information.
CVE-2008-5221 1 Wportfolio 1 Wportfolio 2026-04-23 N/A
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
CVE-2007-1160 1 Webspell 1 Webspell 2026-04-23 N/A
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.