Total: 2926 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4806 | 1 Digitalinterchange | 1 Digital Interchange Document Library | 2017-09-18 | 7.5 HIGH | N/A |
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4808 | 1 Graugon | 1 Php Article Publisher | 2017-09-18 | 7.5 HIGH | N/A |
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1. | |||||
CVE-2009-4927 | 1 Webmobo | 1 Wbnews | 2017-09-18 | 7.5 HIGH | N/A |
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | |||||
CVE-2009-4929 | 1 Sweetphp | 1 Totalcalender | 2017-09-18 | 7.5 HIGH | N/A |
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | |||||
CVE-2009-4987 | 1 Scripteen | 1 Free Image Hosting Script | 2017-09-18 | 7.5 HIGH | N/A |
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211. | |||||
CVE-2009-2233 | 1 Awscripts | 1 Gallery Search Engine | 2017-09-18 | 7.5 HIGH | N/A |
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | |||||
CVE-2009-2382 | 1 Jay-jayx0r | 1 Phpmyblockchecker | 2017-09-18 | 7.5 HIGH | N/A |
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. | |||||
CVE-2009-2328 | 1 Max Kervin | 1 Kervinet Forum | 2017-09-18 | 7.5 HIGH | N/A |
admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. | |||||
CVE-2009-3158 | 1 Carsten Wulff | 1 Simplephpweb | 2017-09-18 | 7.5 HIGH | N/A |
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-2255 | 1 Zen-cart | 1 Zen Cart | 2017-09-18 | 6.8 MEDIUM | N/A |
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/. | |||||
CVE-2009-2231 | 1 Mid.as | 1 Midas | 2017-09-18 | 7.5 HIGH | N/A |
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. | |||||
CVE-2009-3423 | 1 Zenas | 1 Paolink | 2017-09-18 | 6.8 MEDIUM | N/A |
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | |||||
CVE-2009-3168 | 1 Mevin | 1 Basic-php-events-lister | 2017-09-18 | 6.5 MEDIUM | N/A |
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request. | |||||
CVE-2009-3422 | 1 Zenas | 1 Paoliber | 2017-09-18 | 6.8 MEDIUM | N/A |
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | |||||
CVE-2009-2642 | 1 Desiscripts | 1 Desi Short Url Script | 2017-09-18 | 7.5 HIGH | N/A |
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. | |||||
CVE-2009-2697 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2017-09-18 | 6.8 MEDIUM | N/A |
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | |||||
CVE-2009-3966 | 1 Arcadetradescript | 1 Arcade Trade Script | 2017-09-18 | 7.5 HIGH | N/A |
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true. | |||||
CVE-2017-1520 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2017-09-15 | 4.3 MEDIUM | 3.7 LOW |
IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | |||||
CVE-2017-14117 | 2 Arris, Att | 3 Nvg589, Nvg599, U-verse Firmware | 2017-09-13 | 4.3 MEDIUM | 5.9 MEDIUM |
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | |||||
CVE-2015-6401 | 1 Cisco | 1 Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2017-09-12 | 7.5 HIGH | N/A |
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941. |