Security Vulnerabilities, CVEs, Published In January 2007 (Bypass)
T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
Max CVSS
7.5
EPSS Score
6.93%
Published
2007-01-23
Updated
2018-10-16
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
Max CVSS
7.5
EPSS Score
4.43%
Published
2007-01-23
Updated
2011-03-08
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
Max CVSS
7.5
EPSS Score
1.59%
Published
2007-01-12
Updated
2017-07-29
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.
Max CVSS
10.0
EPSS Score
0.85%
Published
2007-01-04
Updated
2018-11-01
4 vulnerabilities found