| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. |
| admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. |
| Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. |
| S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. |
| admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie. |
| Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors. |
| changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. |
| Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. |
| BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. |
| Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
| Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
| MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. |
| index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account. |
| SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. |
| Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. |
| The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability." |
| Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server. |
| Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. |
| admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. |
