The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
Max CVSS: 5.0 | EPSS Score: 0.15% | Published: 2009-02-06 | Updated: 2009-07-23
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
Max CVSS: 3.5 | EPSS Score: 0.19% | Published: 2009-03-31 | Updated: 2017-08-17
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
Max CVSS: 7.5 | EPSS Score: 0.76% | Published: 2009-08-24 | Updated: 2017-08-17
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2009-01-21 | Updated: 2017-08-08
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.
Max CVSS: 6.0 | EPSS Score: 0.47% | Published: 2009-01-30 | Updated: 2017-08-08
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id.
Max CVSS: 5.8 | EPSS Score: 0.32% | Published: 2009-01-02 | Updated: 2009-02-26
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
Max CVSS: 7.5 | EPSS Score: 1.86% | Published: 2009-01-08 | Updated: 2017-09-29
Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 1.07% | Published: 2009-01-22 | Updated: 2017-08-08
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS: 6.8 | EPSS Score: 1.55% | Published: 2009-01-23 | Updated: 2018-10-11
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
Max CVSS: 7.5 | EPSS Score: 0.76% | Published: 2009-01-26 | Updated: 2017-10-19
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.
Max CVSS: 7.5 | EPSS Score: 1.66% | Published: 2009-01-30 | Updated: 2017-09-29
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS: 6.8 | EPSS Score: 5.19% | Published: 2009-02-03 | Updated: 2018-10-11
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
Max CVSS: 6.8 | EPSS Score: 4.81% | Published: 2009-02-03 | Updated: 2024-03-19
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
Max CVSS: 7.5 | EPSS Score: 2.04% | Published: 2009-02-09 | Updated: 2017-09-29
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
Max CVSS: 7.5 | EPSS Score: 5.00% | Published: 2009-02-11 | Updated: 2017-09-29
Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS: 6.8 | EPSS Score: 0.93% | Published: 2009-02-13 | Updated: 2017-08-17
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS: 6.0 | EPSS Score: 0.48% | Published: 2009-02-13 | Updated: 2017-08-17
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.
Max CVSS: 7.5 | EPSS Score: 1.07% | Published: 2009-02-16 | Updated: 2017-09-29
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.
Max CVSS: 7.5 | EPSS Score: 1.66% | Published: 2009-02-20 | Updated: 2017-09-29
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
Max CVSS: 7.5 | EPSS Score: 5.67% | Published: 2009-02-25 | Updated: 2017-09-29
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 1.76% | Published: 2009-02-26 | Updated: 2017-08-17
E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."
Max CVSS: 7.5 | EPSS Score: 5.00% | Published: 2009-02-26 | Updated: 2017-09-29
Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.
Max CVSS: 7.5 | EPSS Score: 1.66% | Published: 2009-03-06 | Updated: 2017-09-29
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
Max CVSS: 5.0 | EPSS Score: 0.22% | Published: 2009-03-06 | Updated: 2009-03-10
Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information.
Max CVSS: 7.5 | EPSS Score: 0.42% | Published: 2009-03-09 | Updated: 2017-08-17
211 vulnerabilities found