ReportizFlow
Filtered by vendor
Subscriptions
Total
4436 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0853 | 1 Stewart Howe | 1 Celerbb | 2026-04-23 | N/A |
| login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. | ||||
| CVE-2009-4447 | 1 Jax Scripts | 1 Jax Guestbook | 2026-04-23 | N/A |
| Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php. | ||||
| CVE-2006-5268 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface." | ||||
| CVE-2008-5692 | 1 Ipswitch | 1 Ws Ftp | 2026-04-23 | N/A |
| Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | ||||
| CVE-2009-4409 | 1 Iij | 1 Seil\/b1 | 2026-04-23 | N/A |
| The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack. | ||||
| CVE-2008-4244 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2026-04-23 | N/A |
| Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1. | ||||
| CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2026-04-23 | N/A |
| admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | ||||
| CVE-2008-0960 | 7 Cisco, Ecos Sourceware, Ingate and 4 more | 27 Ace 10 6504 Bundle With 4 Gbps Throughput, Ace 10 6509 Bundle With 8 Gbps Throughput, Ace 10 Service Module and 24 more | 2026-04-23 | N/A |
| SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||||
| CVE-2009-3231 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 6 Ubuntu Linux, Fedora, Opensuse and 3 more | 2026-04-23 | N/A |
| The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. | ||||
| CVE-2007-1480 | 1 Creative Guestbook | 1 Creative Guestbook | 2026-04-23 | N/A |
| Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set. | ||||
| CVE-2008-3466 | 1 Microsoft | 3 Host Integration Server 2000, Host Integration Server 2004, Host Integration Server 2006 | 2026-04-23 | N/A |
| Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." | ||||
| CVE-2007-1062 | 1 Cisco | 4 Unified Ip Conference Station 7935, Unified Ip Conference Station 7935 Firmware, Unified Ip Conference Station 7936 and 1 more | 2026-04-23 | N/A |
| The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time | ||||
| CVE-2009-0130 | 1 Erlang | 1 Erlang | 2026-04-23 | 7.5 High |
| lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid. | ||||
| CVE-2008-0351 | 1 Evilsentinel | 1 Evilsentinel | 2026-04-23 | N/A |
| admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. | ||||
| CVE-2008-5945 | 1 Nukevietcms | 1 Nukeviet | 2026-04-23 | N/A |
| Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2481 | 2 Six Apart, Sixapart | 2 Movable Type, Movable Type | 2026-04-23 | N/A |
| mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors. | ||||
| CVE-2009-2863 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | ||||
| CVE-2008-6858 | 1 Xigla | 1 Absolute Banner Manager.net | 2026-04-23 | N/A |
| Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-0823 | 1 Drupal | 1 Header Image | 2026-04-23 | N/A |
| Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | ||||
| CVE-2008-6307 | 1 E-topbiz | 1 Link Back Checker | 2026-04-23 | N/A |
| E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin." | ||||