| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php. |
| Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie. |
| Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. |
| AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto." |
| Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. |
| includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter. |
| Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie. |
| Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. |
| Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. |
| admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. |
| NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. |
| CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. |
| profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. |
| Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
| Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
| action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values. |
| Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. |
