| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. |
| Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. |
| Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
| adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. |
| auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users. |
| The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability." |
| admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true. |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. |
| Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. |
| AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE. |
| Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. |
| Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
| Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1. |
| inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. |
| OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. |
| login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username. |
| admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information. |
| login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. |
| login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. |
| Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |